General

  • Target

    6de7dd44971d5f22389b257a3b2a9ff28fef2561238e2f15653642ec26f566c2

  • Size

    769KB

  • Sample

    250703-gk1csavmz9

  • MD5

    77fd34883b7edada32d7173ab1dd680d

  • SHA1

    3186a8892091943902155944b719329f2a4311be

  • SHA256

    6de7dd44971d5f22389b257a3b2a9ff28fef2561238e2f15653642ec26f566c2

  • SHA512

    ef16aa70b68776f5d3fc1f9509145b7f273a00910e8199b783e6e0f11e220100ad17c9632a68ee78c8abe59683b7bdaead1ee8550292db5f1a1edeb397a1db96

  • SSDEEP

    12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64hY8+5MtnKrIrHS7r:iEtl9mRda1d+5KKIyn

Score
10/10

Targets

    • Modifies WinLogon for persistence

      Usually done by changing the Shell or Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon so the payload is launched at every interactive logon.

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. AutoRun for non-optical removable drives has been disabled by default since Windows 7, so this spread path mainly works against legacy or misconfigured hosts, but the dropped file is still a reliable indicator on any volume it reaches.

    • Drops file in System32 directory
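
    The Winlogon modification and the autorun.inf drop are the two signatures above worth confirming from a collected host image. The following is an added example, not part of this report and not code from any sandbox vendor: it parses a REG 5.00 export of the Winlogon key and an autorun.inf file, flags Winlogon values that differ from the stock defaults (and values such as Taskman that are normally absent), and lists the autorun.inf directives that would launch code. The registry export and autorun.inf contents are constructed for illustration and are not artifacts recovered from this sample.

```python
"""Offline triage checks for Winlogon tampering and autorun.inf drops."""
import configparser
import re

# Stock values of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
# Values that a clean install does not carry; their mere presence is suspicious.
WINLOGON_ABSENT_BY_DEFAULT = ("Taskman",)

# Constructed .reg export of the Winlogon key (hypothetical content, not from this sample).
SAMPLE_WINLOGON_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Windows\\System32\\svchost32.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"AutoRestartShell"=dword:00000001
'''

# Constructed autorun.inf as dropped on a removable volume (hypothetical content).
SAMPLE_AUTORUN_INF = r"""[autorun]
open=RECYCLER\setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\command=RECYCLER\setup.exe
shell\open\default=1
action=Open folder to view files
"""

# autorun.inf directives that cause code execution when the volume is handled.
EXEC_DIRECTIVES = ("open", "shellexecute")


def parse_reg_values(reg_text):
    """Extract "name"="data" string values from a REG 5.00 export.

    dword:/hex: values are skipped. The REG format escapes backslash and
    double quote with a backslash, which is undone here.
    """
    values = {}
    for m in re.finditer(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"\s*$', reg_text, re.M):
        name, raw = m.group(1), m.group(2)
        values[name] = raw.replace('\\\\', '\\').replace('\\"', '"')
    return values


def winlogon_findings(values):
    """Return (name, value) pairs that deviate from a stock Winlogon key.

    Comparison is case-insensitive because Windows paths are.
    """
    findings = []
    for name, default in WINLOGON_DEFAULTS.items():
        actual = values.get(name)
        if actual is not None and actual.strip().lower() != default.lower():
            findings.append((name, actual))
    for name in WINLOGON_ABSENT_BY_DEFAULT:
        if name in values:
            findings.append((name, values[name]))
    return findings


def autorun_findings(inf_text):
    """Return (directive, target) pairs from [autorun] that launch code.

    interpolation=None keeps %SystemRoot%-style values from being treated as
    configparser interpolation; strict=False tolerates duplicate keys, which
    hand-written autorun.inf files often contain.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(inf_text)
    # Section names are case-insensitive on Windows but not in configparser.
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    findings = []
    for key, value in cp.items(section):  # keys are lower-cased by configparser
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in EXEC_DIRECTIVES or is_verb_command:
            findings.append((key, value))
    return findings


if __name__ == "__main__":
    for name, value in winlogon_findings(parse_reg_values(SAMPLE_WINLOGON_REG)):
        print(f"Winlogon {name} tampered: {value}")
    for directive, target in autorun_findings(SAMPLE_AUTORUN_INF):
        print(f"autorun.inf {directive} -> {target}")
```

    A legitimate kiosk or terminal-server build may deliberately set Shell to something other than explorer.exe, so treat a Shell finding as a lead to check against the host's build documentation rather than a verdict; an appended second executable after explorer.exe, as in the constructed sample, is the common malicious pattern. The autorun.inf check intentionally reports shell\<verb>\command entries as well as open/shellexecute, since a custom verb with default=1 runs on double-click even where AutoRun itself is disabled.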
