General

  • Target

    SecuriteInfo.com.Win32.HLLW.Autoruner1.38636.30902.31421

  • Size

    113KB

  • Sample

    200801-d7svbn1jnn

  • MD5

    605fd6ecbb77d69c381f18a865002edb

  • SHA1

    7d5f8df774d0c28f0165c30369037e2a3584aab6

  • SHA256

    9bd190203a73b19bda71958ad24f3b7cfc2867e5ac6c607444c6e406fb3ab476

  • SHA512

    bae1cb11245d6a5d3d254b72b043107b7e94ea873678a9c2d061125e38ad4f6d24dbffea5c3b15a6e51659a90f104139c9cb2e0863e58aaab45041af34e2598c

Score
10/10

Targets

    • Modifies WinLogon for persistence

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Modifies WinLogon

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Winlogon Helper DLL (T1004): 2

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 3