General

  • Target

    605dedfbdc0a416dfaaf46c1d0d272d19c0ba7c3156760f252f74eb61c8dcd47

  • Size

    601KB

  • Sample

    250703-f1xq6ahq2w

  • MD5

    9b1ada2922a058214e17a3fc4ad822d0

  • SHA1

    54bc97b771b91fd3a165b735df8d3fb5c31f5eee

  • SHA256

    605dedfbdc0a416dfaaf46c1d0d272d19c0ba7c3156760f252f74eb61c8dcd47

  • SHA512

    31a7f65db11c54b71d1158be610ab8fc9ad1cfed6144cf11d68955d6fe6ba573b29cbc298335ee40973aa60c2b677a9ee85a19e52fd6935910924acca427172a

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMR:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64F

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks