General

  • Target

    3b657e7ff1bf1f59e6e59595c60eee3b03fda8a9913de3f280157ca77db12481

  • Size

    724KB

  • Sample

    250703-glahrafl7x

  • MD5

    633809430fc122569303dfe9a99b4f2d

  • SHA1

    307bc2eeb1b07a97093b19bc4576679798348af9

  • SHA256

    3b657e7ff1bf1f59e6e59595c60eee3b03fda8a9913de3f280157ca77db12481

  • SHA512

    d2493ad8dc8065c6cf6cd6abc1d58273216ada962ffe1b418b5d71cbb66e0dd23fb09f179501482d8f546bd1289af76ed5f2e512891107993e0c829cec5886a6

  • SSDEEP

    12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64hY8+5MtnKrIJqLv:iEtl9mRda1d+5KKB

Score
10/10

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16