General

  • Target

    7781592b7711b93f4e6419d3d3766c35bd78e051e663e4dba009ca6f3f7ffce2

  • Size

    576KB

  • Sample

    250703-f61p1avlw3

  • MD5

    d4d33ae44c3aabeda430782f83f57c17

  • SHA1

    4e6f4ddfc06fd946bd2a02e5208a5307174c06f8

  • SHA256

    7781592b7711b93f4e6419d3d3766c35bd78e051e663e4dba009ca6f3f7ffce2

  • SHA512

    50efd9e18bf80c1909a174e1ccad6553d620ee8f9b42808aff615454471e3b67825c036f24549d629d949887adeb1717c83903e7d8aa3b2962e06ac5729d37af

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMu:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64S

Score
10/10

Malware Config

Targets

  • Modifies WinLogon for persistence

  • Drops startup file

  • Executes dropped EXE

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks