General
-
Target
PISUNGOVNO.exe
-
Size
578KB
-
Sample
240706-j78c1svbrd
-
MD5
af68a885c579a1e4b7fec2d67254fb90
-
SHA1
cbba23e160ba0f759a38bc7681ce4aec53f3d220
-
SHA256
89cc026f98feadc56ef6ff6068c06b8ba1b723feed88b6b5c07b0c6733f4bd44
-
SHA512
47cd596aafd7fd5a80d18315a38d3a6415a68d19e3cfc4ed41111a20a4881ee3358bf923564a636936c8c51c3de41a786b60e254497c33618b769914ac349155
-
SSDEEP
6144:NQuFa77aQWHdYKtE09hviWW50RlPyx/3kcHGe6VlWT8b9U73VsPQkK6UVs/k8b5R:TA7rtG65gydSPVle8ot6UVsYXQFDkW
Malware Config
Targets
-
-
Target
PISUNGOVNO.exe
-
Size
578KB
-
MD5
af68a885c579a1e4b7fec2d67254fb90
-
SHA1
cbba23e160ba0f759a38bc7681ce4aec53f3d220
-
SHA256
89cc026f98feadc56ef6ff6068c06b8ba1b723feed88b6b5c07b0c6733f4bd44
-
SHA512
47cd596aafd7fd5a80d18315a38d3a6415a68d19e3cfc4ed41111a20a4881ee3358bf923564a636936c8c51c3de41a786b60e254497c33618b769914ac349155
-
SSDEEP
6144:NQuFa77aQWHdYKtE09hviWW50RlPyx/3kcHGe6VlWT8b9U73VsPQkK6UVs/k8b5R:TA7rtG65gydSPVle8ot6UVsYXQFDkW
Score10/10-
Modifies WinLogon for persistence
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-
MITRE ATT&CK Matrix ATT&CK v13
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1