General

  • Target

    8d5d5396098f2a0904c609035f74e67fb36cb5427d7c1ef19457b3101653e3dd

  • Size

    4.1MB

  • Sample

    250703-gltavsfl7z

  • MD5

    298cb4d0b1fcee9e0c9611c3502ffd25

  • SHA1

    2cf6152c0b0e2ff1cb0f1accdfe9e58fc198681c

  • SHA256

    8d5d5396098f2a0904c609035f74e67fb36cb5427d7c1ef19457b3101653e3dd

  • SHA512

    6723c3ccbea37abe25d39325a367a35b61f45e593573826e735c244679d4ec8498e72af68150434fe4a832dab6f022d5e6f4691b1bde7070722c293939c58b73

  • SSDEEP

    49152:5Es17RLb7Lb7Lrrb7brb7Ewmgi4uYCgrGgCYuU1B3zCOGHrSGjwe18wGHLuRapXo:5E2Tz1GHrHwe1auRa1o

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks