General

  • Target

    6634878c11a86748031c09657157a7926d92ce599d79ff1da34f52c0d175c3c3

  • Size

    556KB

  • Sample

    250703-f1m7qahp9z

  • MD5

    cdee69742677603ed34c5d7e08e62a55

  • SHA1

    553b000d536f9b54a0a8e3761af1ddcdaeab9da2

  • SHA256

    6634878c11a86748031c09657157a7926d92ce599d79ff1da34f52c0d175c3c3

  • SHA512

    883122da3794272ea368e96922031826eab9afc8b7558548b7a9f7547bcb8bb8767596c4cdad031725bf4f7745db396d947103e7ab1bebc49fc3dddf3e0a78ea

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMD:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64P

Score
10/10

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
