General

  • Target

    4fb6de343063cc21bceaf9ca8c9a00a12177f4512f8dcf42b124445aaeeb059b

  • Size

    704KB

  • Sample

    250703-f7cpkahq7s

  • MD5

    da90309be5c1a6e85fd9e5c59a4808be

  • SHA1

    4cc27170476c23d9e2a38708a3c38f4173d0d3cc

  • SHA256

    4fb6de343063cc21bceaf9ca8c9a00a12177f4512f8dcf42b124445aaeeb059b

  • SHA512

    99a2fc0df426218a4a41f4fd43a5fb0c143f43dad9bcf4ca496be48d47763c9d96bed457db89036ae1a57afc6bc9248a77eca69f0d8da309b6f420fafb659a88

  • SSDEEP

    12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64hY8+5MtnKrIdq:iEtl9mRda1d+5KKj

Score: 10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
