General

  • Target

    f9e9c2a3e1b09a3f738a238a4d9ad98a486542247dd662d81a8e7f9ab4b02252

  • Size

    646KB

  • Sample

    250703-gkhgzafl6s

  • MD5

    42ee320d59ca66f6f4d3d65dbdb4161c

  • SHA1

    339454845449dafef8c77578a50aacf3e20f6883

  • SHA256

    f9e9c2a3e1b09a3f738a238a4d9ad98a486542247dd662d81a8e7f9ab4b02252

  • SHA512

    f747cefba7b3772ea8327dfb381af586a2d3e67f5e8491335b7d54f79b41fc415d5d717cbff3d290c4e80ec16588d2f866914da3da5f0a7280a017787678a199

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMY:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64zg

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks