General

  • Target

    406b54c5aa2220ee26e93b0fe29b58f2c9607b2b8d4c784eacdd64fb3d02b937

  • Size

    858KB

  • Sample

    250703-gljfnatzhs

  • MD5

    2ddcc9e390be3b579108684da110a56e

  • SHA1

    2d1cc05302ba03f5b9e15ae84b5396602c83f764

  • SHA256

    406b54c5aa2220ee26e93b0fe29b58f2c9607b2b8d4c784eacdd64fb3d02b937

  • SHA512

    a9b01395eecd3bff27a31ff4a268eee0b9dd3a6679ee79ff4633422e76fa2073c4c4f43fb07899d7a0baeffe0738a472591fbbb695b1b6c2ce7c378a70a438e0

  • SSDEEP

    12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64Cmv3dKViResBu2FkwEBx3c:iEtl9mRda1Emv3dqsBu2Fm3M

Score
10/10

Malware Config

Targets

    • Target

      406b54c5aa2220ee26e93b0fe29b58f2c9607b2b8d4c784eacdd64fb3d02b937

    • Modifies Winlogon for persistence

      Writes to the Winlogon registry key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon). Windows starts the programs named in its Userinit and Shell values at every logon, so an entry added there survives reboots. On an affected host, compare those two values with their defaults (userinit.exe and explorer.exe).

    • Drops startup file

      Writes a file into a Startup folder, which Explorer launches at logon; a second, simpler persistence path alongside the Winlogon change.

    • Executes dropped EXE

      Runs an executable it wrote to disk itself rather than only its original image, so the dropped file, not just the submitted sample, needs to be recovered and hashed.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive. Combined with the autorun.inf drop below, this is the pattern of a worm looking for attached volumes to copy itself onto.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes. Windows 7 and later (and earlier versions with KB971029 applied) no longer honor autorun.inf on removable drives, only on optical media, so the vector mainly affects unpatched or legacy hosts; the copies written to those volumes still need cleaning, since a user can launch them by hand.

    • Drops file in System32 directory

      Writes into %SystemRoot%\System32, where a dropped file blends in with system binaries; this normally requires the sample to be running with administrative rights.
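
The signatures above are what a sandbox reports; the following is an added example (not code from this report or from the sandbox vendor) of the same checks as reusable triage logic. It assumes a simple event schema of its own (dicts with "op", "path", "key", "name", "data"), which you would map your own sandbox's event log onto, and the sample trace and sample autorun.inf it runs on are constructed for illustration, not taken from this sample. It also parses an autorun.inf body to pull out what it would launch, tolerating the junk lines worms add to break strict INI parsers.

```python
"""Triage helpers for the behaviours listed above.

Added example, not code from the report or the sandbox vendor. The event
schema (dicts with "op", "path", "key", "name", "data") is an assumption made
for this example; map your own sandbox's event log onto it. The sample events
and the sample autorun.inf below are constructed, not taken from this sample.
"""
import re

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_VALUES = {"userinit", "shell"}  # values Windows runs at logon
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
AUTORUN_RE = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Z]:\\$", re.I)


def triage(events):
    """Return {signature name: [evidence, ...]} for the six behaviours above."""
    hits = {}
    written = set()  # lower-cased paths the sample wrote, for "Executes dropped EXE"

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        op, path = ev["op"], ev.get("path", "")
        if op == "regset":
            if (ev["key"].lower() == WINLOGON_KEY.lower()
                    and ev["name"].lower() in WINLOGON_VALUES):
                hit("Modifies Winlogon for persistence", f"{ev['name']} = {ev['data']}")
        elif op == "write":
            written.add(path.lower())
            if STARTUP_RE.search(path):
                hit("Drops startup file", path)
            if SYSTEM32_RE.match(path):
                hit("Drops file in System32 directory", path)
            if AUTORUN_RE.match(path):
                hit("Drops autorun.inf file", path)
        elif op == "exec" and path.lower() in written:
            hit("Executes dropped EXE", path)
        elif op == "query" and DRIVE_ROOT_RE.match(path) and not path.upper().startswith("C:"):
            hit("Enumerates connected drives", path)
    return hits


def parse_autorun_inf(text):
    """Return the [autorun] keys that name something to launch.

    Lines that are not key=value are skipped rather than treated as errors:
    worms pad autorun.inf with junk lines precisely to break strict INI parsers.
    """
    launch = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            launch[key] = val.strip()
    return launch


# Constructed sandbox trace, shaped to trip every signature above.
SAMPLE_EVENTS = [
    {"op": "regset", "key": WINLOGON_KEY, "name": "Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\svc.exe"},
    {"op": "write", "path": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"op": "exec", "path": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"op": "write", "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},
    {"op": "write", "path": r"C:\Windows\System32\drvhost.exe"},
    {"op": "query", "path": "C:\\"},
    {"op": "query", "path": "D:\\"},
    {"op": "query", "path": "E:\\"},
    {"op": "write", "path": "E:\\svc.exe"},
    {"op": "write", "path": "E:\\autorun.inf"},
]

# Constructed autorun.inf in the style worms drop on removable volumes.
SAMPLE_AUTORUN = r"""[AutoRun]
; comment
xkq8gnzzq
open=svc.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\command=svc.exe
shellexecute=svc.exe
"""

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(name, evidence)
    print(parse_autorun_inf(SAMPLE_AUTORUN))
```

The drive-root check deliberately ignores C: so that ordinary filesystem activity does not count as enumeration, matching how the signature above is worded; the Winlogon check only fires on the Userinit and Shell values, so a write to any other value under that key would need a separate rule.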

MITRE ATT&CK Enterprise v16

Tasks