General

  • Target

    OneLogon18.exe

  • Size

    7.0MB

  • Sample

    250502-rq31zacq7t

  • MD5

    2a813276441a632cd9a5eb92f358dc14

  • SHA1

    49c482ff76ee976285abfafe16e8e027f383222f

  • SHA256

    8ef8e086efa63aa9425023856a028d616ac9489fa817960dfcc39f55b02c2a25

  • SHA512

    6a2f0ba02c756fe3a02a53cca69b1fb824ecbcca17d166d83bad6fe73a3ccaef01c47b74cb841e9e3aaf4e9fe69cd2e22000d0a3975aae35d759da36c10a6ce3

  • SSDEEP

    98304:BDqUGQ0nuaZsz+uFI8nuZhCMYkcIt5FkOwSrIcUsLXRL2wbLp8FPg6XwKKmF:BmFuog+QurH/P/XRL4P2KKmF

Targets

    • Target

      OneLogon18.exe

    • Size

      7.0MB

    • Clears Windows event logs

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Loads dropped DLL
