General

  • Target

    9beb509ba9a71a75f22dcde38df546305f20669abf2c588fe6387f7d5573237b

  • Size

    585KB

  • Sample

    250703-gpcghst1bv

  • MD5

    bf2f6ba63bb754c1a2476a97ca486bc6

  • SHA1

    14762885af16b93fc0f246bb3ee29c68c1dc787b

  • SHA256

    9beb509ba9a71a75f22dcde38df546305f20669abf2c588fe6387f7d5573237b

  • SHA512

    1a2318bc1964569894fae541cd093839f741656b9ede2173320da6f39591af2938ff3e2c0941ba8ed59b38e9de5154db98e4bc6161010ec8d9e574b230773241

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMr:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64Rl

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks