General

  • Target

    6fb9e367296a89650720e7a08d68da70de8b1a1bb6f768237e4cf7a8360e3ed1

  • Size

    833KB

  • Sample

    250703-gnvlpsfm3x

  • MD5

    2baf87ceb15f5dcca5a6c575d042508f

  • SHA1

    1842f2c23d2a42c40264092c6715c14ff4d63377

  • SHA256

    6fb9e367296a89650720e7a08d68da70de8b1a1bb6f768237e4cf7a8360e3ed1

  • SHA512

    47a151671399d12bde4813bdc47714f43313e873a2e274f66edae6a122221fab0ee0406df76e6bae2f3321ffba8aed4cabb7017ebb49a9340d00f43acdedd41e

  • SSDEEP

    12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64hY8+5MtnKrIThP7UQ2sJw:iEtl9mRda1d+5KKUJUAw

Score
10/10

Malware Config

Targets

    • Target

      6fb9e367296a89650720e7a08d68da70de8b1a1bb6f768237e4cf7a8360e3ed1

    • Size

      833KB

    • MD5

      2baf87ceb15f5dcca5a6c575d042508f

    • SHA1

      1842f2c23d2a42c40264092c6715c14ff4d63377

    • SHA256

      6fb9e367296a89650720e7a08d68da70de8b1a1bb6f768237e4cf7a8360e3ed1

    • SHA512

      47a151671399d12bde4813bdc47714f43313e873a2e274f66edae6a122221fab0ee0406df76e6bae2f3321ffba8aed4cabb7017ebb49a9340d00f43acdedd41e

    • SSDEEP

      12288:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64hY8+5MtnKrIThP7UQ2sJw:iEtl9mRda1d+5KKUJUAw

    Score
    10/10
    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon), whose Userinit and Shell values are executed at every interactive logon.

    • Drops startup file

      Writes a file into a Start Menu Startup folder, which Explorer launches when the user logs on.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes. Current Windows versions only honour autorun.inf on optical media, so on patched hosts the file is an indicator of worm-style spreading rather than a reliable infection path.

    • Drops file in System32 directory

      Writes a file under the Windows System32 directory.
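The following Python helpers are an added example, not part of this report or of the sandbox's own tooling. They implement offline versions of the checks behind the signatures listed above: comparing Winlogon Userinit/Shell entries against the stock defaults, recognising Startup-folder drop paths, extracting the launch directives from an autorun.inf body, and confirming that a file on disk matches the report's hashes before it is detonated. Every input (the registry values, the autorun.inf text, the sample bytes and the file name svchost32.exe) is constructed for illustration and was not taken from this run.

```python
"""Added triage helpers for the persistence and spreading behaviours above.

Everything runs offline on constructed input: registry values and an
autorun.inf body are passed in as strings, so the same checks can be applied
to reg.exe output, a mounted disk image or a sandbox report.
"""
import hashlib
import re

# Stock Winlogon values on a default Windows install (adjust the drive letter
# for non-C: installs). A sample that "modifies WinLogon for persistence"
# usually appends its own binary to Userinit or Shell under this key.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Userinit": {r"c:\windows\system32\userinit.exe"},
    "Shell": {"explorer.exe"},
}

# Path fragment shared by the per-user and all-users Startup folders.
STARTUP_DIR_MARKER = r"\microsoft\windows\start menu\programs\startup"

# [autorun] keys that cause code to run when the volume is opened.
_AUTORUN_LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)


def check_winlogon(values: dict[str, str]) -> list[str]:
    """Return every Userinit/Shell entry that is not a stock default.

    Both values are comma-separated lists, so "explorer.exe,evil.exe" keeps the
    desktop working while also launching the implant.
    """
    findings = []
    for name, allowed in WINLOGON_DEFAULTS.items():
        raw = values.get(name, "")
        for entry in (e.strip().strip('"').lower() for e in raw.split(",")):
            if entry and entry not in allowed:
                findings.append(f"{WINLOGON_KEY}\\{name}: unexpected entry {entry!r}")
    return findings


def is_startup_path(path: str) -> bool:
    """True when a dropped file lands in a Start Menu Startup folder."""
    return STARTUP_DIR_MARKER in path.lower()


def autorun_launch_targets(inf_text: str) -> dict[str, str]:
    """Parse an autorun.inf body and return the directives that launch code.

    Only the [autorun] section is considered; icon/label lines are ignored
    because they cannot run anything on their own.
    """
    targets: dict[str, str] = {}
    in_autorun = False
    for line in inf_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if _AUTORUN_LAUNCH_KEYS.match(key):
                targets[key.lower()] = value
    return targets


def report_hashes(data: bytes) -> dict[str, str]:
    """Digests in the same algorithms the report lists (SSDEEP needs a separate library)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict[str, str]) -> list[str]:
    """Names of the algorithms whose digest of `data` differs from `expected`.

    Run this against the report's hash block before detonating a sample.
    """
    actual = report_hashes(data)
    return [algo for algo, digest in expected.items() if actual.get(algo, "").lower() != digest.lower()]


if __name__ == "__main__":
    # Constructed inputs for illustration, not observations from this run.
    reg = {"Userinit": r"C:\Windows\system32\userinit.exe,C:\Windows\System32\svchost32.exe",
           "Shell": "explorer.exe"}
    for finding in check_winlogon(reg):
        print("[winlogon]", finding)
    inf = "[autorun]\nopen=RECYCLER\\svchost32.exe\nshell\\open\\command=RECYCLER\\svchost32.exe\nicon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    print("[autorun]", autorun_launch_targets(inf))
    print("[startup]", is_startup_path(r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\svchost32.lnk"))
    sample = b"constructed sample bytes"
    print("[hashes] mismatches:", hash_mismatches(sample, report_hashes(sample)))
```

When the checks are run on a real host, feed `check_winlogon` the output of `reg query` for the Winlogon key and remember that a trailing comma in Userinit is normal; only extra entries after it are suspicious.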

MITRE ATT&CK Enterprise v16

Tasks