523190f1fd2e4a7be94f790ae040a3375460123f371077f20864aec61ea016f6 | Triage

Sharing

General

Target

file
Size

1.1MB
Sample

210120-t5tae3q4cn
MD5

37d67bd746d37724222ec6c8f61d1a02
SHA1

ef202fb219bb84b2d860821a1ff213c4722fd90d
SHA256

523190f1fd2e4a7be94f790ae040a3375460123f371077f20864aec61ea016f6
SHA512

d5c571a1ec6ab63f8da91250e66bbc7cc6ae382e456a7f88f8a81ec711dae32333a30e653e8f613f1f6c3e0e67ec671a79ff066dc7e4034751eadabe3d416e2d

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  file
- Size
  
  1.1MB
- MD5
  
  37d67bd746d37724222ec6c8f61d1a02
- SHA1
  
  ef202fb219bb84b2d860821a1ff213c4722fd90d
- SHA256
  
  523190f1fd2e4a7be94f790ae040a3375460123f371077f20864aec61ea016f6
- SHA512
  
  d5c571a1ec6ab63f8da91250e66bbc7cc6ae382e456a7f88f8a81ec711dae32333a30e653e8f613f1f6c3e0e67ec671a79ff066dc7e4034751eadabe3d416e2d
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2