General

  • Target

    9c00dc166ac6c7e818a8663d1133341bc654ae731762786212bd97664f460a79

  • Size

    833KB

  • Sample

    250703-glxy2svm17

  • MD5

    9f9c36535f3e71566dd630a745d1d5b6

  • SHA1

    2ce2c08fad453301c717672c4be82e68e5f039f1

  • SHA256

    9c00dc166ac6c7e818a8663d1133341bc654ae731762786212bd97664f460a79

  • SHA512

    4f06c9b57692d78465baeb15325f61084a1aea684d0f1a7476ae598df3adeaa15cb510c39d38025996caa45d94b806960e13cbc364c1a36dd71ef36b86aeb4d8

  • SSDEEP

    12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64hY8+5MtnKrIMhP7UQ2sJu:iEtl9mRda1d+5KKPJUAu

Score
10/10

Malware Config

Targets

    • Target

      9c00dc166ac6c7e818a8663d1133341bc654ae731762786212bd97664f460a79

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

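The six signatures above are the sandbox's own classifications of what it observed. The following Python is an added example for this page, not code from the report or from the sandbox, showing how each of those observations can be re-derived from a process-monitor style event stream. The `Event` shape, the event kinds (`reg_set`, `file_write`, `file_read`, `proc_create`) and every entry in `SAMPLE_EVENTS` are constructed for illustration and are not taken from the analysed sample; the Winlogon value names (`Shell`, `Userinit`, `Notify`) are the real registry values Winlogon executes at logon, which is why a write to any of them is treated as a persistence attempt.

```python
"""
Added example for this report page: re-derive the listed behaviour
signatures from a constructed event stream. Not the sandbox's own
signature engine; Event, the event kinds and SAMPLE_EVENTS are invented.
"""
import ntpath
from collections import namedtuple

# One monitored event: originating pid, event kind, the registry value or
# file path touched, and associated data (new registry data, or None).
Event = namedtuple("Event", "pid kind target value")

# Winlogon reads these values at logon and runs what they point at, so a
# sample writing them is the "Modifies WinLogon for persistence" case.
WINLOGON_KEY = "hklm\\software\\microsoft\\windows nt\\currentversion\\winlogon"
WINLOGON_VALUES = {"shell", "userinit", "notify"}

STARTUP_DIR = "\\start menu\\programs\\startup\\"   # per-user or all-users Startup folder
SYSTEM32_DIR = "c:\\windows\\system32\\"


def _norm(path):
    """Case-fold and normalise separators so path comparisons are stable."""
    return path.replace("/", "\\").lower()


def _drive_root(path):
    """Return the drive letter if path is a bare root like 'd:\\', else None."""
    p = _norm(path)
    if len(p) == 3 and p[0].isalpha() and p[1:] == ":\\":
        return p[0]
    return None


def analyze(events):
    """Return {signature_name: [evidence, ...]} for every signature that fires."""
    hits = {}
    dropped = set()  # normalised paths the sample has written so far

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        target = _norm(ev.target)
        if ev.kind == "reg_set":
            key, _, value_name = target.rpartition("\\")
            if key == WINLOGON_KEY and value_name in WINLOGON_VALUES:
                hit("Modifies WinLogon for persistence", f"{ev.target} = {ev.value}")
        elif ev.kind == "file_write":
            dropped.add(target)
            if STARTUP_DIR in target:
                hit("Drops startup file", ev.target)
            if target.startswith(SYSTEM32_DIR):
                hit("Drops file in System32 directory", ev.target)
            # Only an autorun.inf at a drive root is meaningful to Autorun.
            if ntpath.basename(target) == "autorun.inf" and _drive_root(ntpath.dirname(target)):
                hit("Drops autorun.inf file", ev.target)
        elif ev.kind == "file_read":
            letter = _drive_root(target)
            if letter and letter != "c":   # reading roots other than the default C: drive
                hit("Enumerates connected drives", ev.target)
        elif ev.kind == "proc_create":
            if target.endswith(".exe") and target in dropped:
                hit("Executes dropped EXE", ev.target)
    return hits


# Constructed events (invented for this example; not from the report).
SAMPLE_EVENTS = [
    Event(1000, "file_write", "C:\\Windows\\System32\\dropped_sample.exe", None),
    Event(1000, "reg_set",
          "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
          "explorer.exe,C:\\Windows\\System32\\dropped_sample.exe"),
    Event(1000, "reg_set",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
          "C:\\Windows\\System32\\dropped_sample.exe"),     # Run key, not Winlogon
    Event(1000, "proc_create", "C:\\Windows\\System32\\dropped_sample.exe", None),
    Event(1000, "file_write",
          "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dropped_sample.lnk",
          None),
    Event(1001, "file_read", "C:\\", None),                 # default drive, must not fire
    Event(1001, "file_read", "D:\\", None),
    Event(1001, "file_write", "D:\\dropped_sample.exe", None),
    Event(1001, "file_write", "D:\\autorun.inf", None),
]

if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The checks are deliberately narrow (a bare drive root, an `autorun.inf` only at a root, an executed path only if it was written first) so that ordinary installer activity does not light up every rule; widen them only with evidence from the actual trace.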
MITRE ATT&CK Enterprise v16
