General

  • Target

    8e984f256c902537a9c0796e7a102af64b7b961ab3470082afc6028b54381d1a

  • Size

    608KB

  • Sample

    250703-gn92dsfm4z

  • MD5

    8f9c615823c162a24cff074bfbba83f1

  • SHA1

    16ae4cb4d895a094c2858c9c779ddaf6d72dd990

  • SHA256

    8e984f256c902537a9c0796e7a102af64b7b961ab3470082afc6028b54381d1a

  • SHA512

    8bdbd2dfc8a50870be6a65d185a4d52a690ccadca888dca949101c8ef8e5a8ebbf9cce32443ed5aeedc23aaa23c8c7f90c84cf50e20086eaa996f11467a150bd

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwM5:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64RL

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks