General

  • Target

    671cd46d6fdad7e2b886cd2bb8abeb7191726e3f28743e9d71443e9b73d8f158

  • Size

    610KB

  • Sample

    250703-gpzbaat1cw

  • MD5

    636e49fc2f2e701b5ae9af1e02a265f4

  • SHA1

    10997780bff6d46b773cc1b77e3a4982581b9245

  • SHA256

    671cd46d6fdad7e2b886cd2bb8abeb7191726e3f28743e9d71443e9b73d8f158

  • SHA512

    c9e5f232c3c1e68a485f6821165ae9433a448fa47416cf5bc1a21cbb5747cf08493223a3520e2ff8c04668a8888563d0439c8a2da6558d83c41a2d498daea82d

  • SSDEEP

    6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMv:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64L

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops startup file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks