General

  • Target

    4fb04b099a37aeae2f58685b8fb08bca298f8f68d5dfc45ceb9fa398e9f109ea

  • Size

    59KB

  • Sample

    210405-kme1cehhae

  • MD5

    ccb2db4a8a284f62db7002be470ac542

  • SHA1

    b2bdb5ed1ff743117cdf8500a498e247febbb6ec

  • SHA256

    4fb04b099a37aeae2f58685b8fb08bca298f8f68d5dfc45ceb9fa398e9f109ea

  • SHA512

    1472e175170bb13173963b479cd90e304b58554908b27caa0e813c47eaf8f85ac3783ce9240cab70a2d6349840ea5069cf44196695f64fdddf1a68ba1ce68f29

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Modifies WinLogon for persistence

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Winlogon Helper DLL, T1004 (1)

Defense Evasion

  • Modify Registry, T1112 (1)

Tasks