General

  • Target

    024d19e37bbd71572d78b6e2b0c352410b6f4a8000da863c9bb68e0c1ee1763e

  • Size

    1.3MB

  • Sample

    250703-gphzasvnv4

  • MD5

    929b0c4deba7b67a155e29e97c1daa68

  • SHA1

    144196264911963c087076b733ecf9c27be2ac7e

  • SHA256

    024d19e37bbd71572d78b6e2b0c352410b6f4a8000da863c9bb68e0c1ee1763e

  • SHA512

    ee3ba52774822341fd8e562f1b703a3492c6484a169c9906c6e1398a8fcda5cd9b8a7b8a86dc70fb093b3aa303e2daf8cc44b00447f54cf5821c0ba7a3e81721

  • SSDEEP

    24576:iEtl9mRda1d+5KKxywZK1V1qfUWv4WINuI4:5Es1I7haCrvmND4

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks