General

  • Target: c2cbc2bfbdd15ca2fd57247bc0f826f765de6fecf11ed3adf47f6f8a610c7e7e
  • Size: 692KB
  • Sample: 250703-gn3mbafm4w
  • MD5: e533a87db64e8a60005cdfee5b3a001f
  • SHA1: 1739ae8a57985d0012ec6100b450a253d22afc78
  • SHA256: c2cbc2bfbdd15ca2fd57247bc0f826f765de6fecf11ed3adf47f6f8a610c7e7e
  • SHA512: 375405a2cc98196d7ff37b291fcf385dcb9e0671d14a94f3ba1ffbf424299f51386706c6ee4776679f723ae5f4dcf0c71654c40a6f14f36afae8e894b508e822
  • SSDEEP: 12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64hY8+5MtnKrID:iEtl9mRda1d+5KKA

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks