General

  • Target

    0562680aadf7883f0dfa6d49b6efb26f68829b6e42e48874cdb603c4ceea2638

  • Size

    586KB

  • Sample

    250703-gprw7st1cs

  • MD5

    5fab38bcb84f31bfc2331f411c685dba

  • SHA1

    11270c9cb671d0cc9f0196ccd93870de6e684c5b

  • SHA256

    0562680aadf7883f0dfa6d49b6efb26f68829b6e42e48874cdb603c4ceea2638

  • SHA512

    18adba182ba176717cdec76fdf001146c55b7b84e0a495384fae37b51a7145a6969a543e759b85f029340447fcb71904bf89533085d784d3be98b8a5a5e74d4b

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMK:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64ef

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks