General

  • Target

    ade5864963e5ff0dc44711865b52a129f58c9609198c34716ed0d4bf39fe50b9

  • Size

    2.8MB

  • Sample

    250703-f1mk7ahp9y

  • MD5

    1fcf4218cf6141135cf68799037db0e2

  • SHA1

    5533ead5f9faf4394f7305264766fa0df5d96da6

  • SHA256

    ade5864963e5ff0dc44711865b52a129f58c9609198c34716ed0d4bf39fe50b9

  • SHA512

    c1cd201bdad5624a479b2d4fdf742e16d8ffe7f16f74d17484297e849088e7ee24b4e219cec430de4bbd02a53cd912c18b71b1c686d3ad5b4108a8c085545398

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwM6:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64m

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks