c589c3ffe9498e350a71024049e786772704a42873de61a966779d7794214183 | Triage

Sharing

General

Target

34594608a34303c900bc8ee61fd4f6a8.exe
Size

2.4MB
Sample

210117-39nmj1dxe2
MD5

34594608a34303c900bc8ee61fd4f6a8
SHA1

7ba01079bff6467a7138621be2e905f9b99a7b00
SHA256

c589c3ffe9498e350a71024049e786772704a42873de61a966779d7794214183
SHA512

41035b5c91f7445c1bd452f80db4c5f8b4f7cf0b0ff64ad04618d7ff035fa7709b91d32720e288731fcee3150e3aa389d1ed168653bedcb1034470dad3c8dead

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  34594608a34303c900bc8ee61fd4f6a8.exe
- Size
  
  2.4MB
- MD5
  
  34594608a34303c900bc8ee61fd4f6a8
- SHA1
  
  7ba01079bff6467a7138621be2e905f9b99a7b00
- SHA256
  
  c589c3ffe9498e350a71024049e786772704a42873de61a966779d7794214183
- SHA512
  
  41035b5c91f7445c1bd452f80db4c5f8b4f7cf0b0ff64ad04618d7ff035fa7709b91d32720e288731fcee3150e3aa389d1ed168653bedcb1034470dad3c8dead
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2