bd0e627175e5a6862d7e6af202e34288f4b969d7824c9d43b3911baab2931402 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd0e627175e5a6862d7e6af202e34288f4b969d7824c9d43b3911baab2931402
Size

895KB
Sample

220919-bc1exshfe4
MD5

cc44aeb51e0d3eeca43d5da9af34fd21
SHA1

2ff758fbb4aae4cdcd9eef8f28d82da18f0e00f9
SHA256

bd0e627175e5a6862d7e6af202e34288f4b969d7824c9d43b3911baab2931402
SHA512

e21a7cdd36802a7bdb5fbc435c2c82b124400c9977d5dd6c9d782d7d8068419a32e936262def3c93a3fd9f584db5d80c9de22747b0e18ff012ad76d7fe3e16f0
SSDEEP

24576:k7/e7Grb/xcCM40qxGdQXiiMw7/+zeDxWxmdg:yeSa2ZGAiiR7HlWZ

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  bd0e627175e5a6862d7e6af202e34288f4b969d7824c9d43b3911baab2931402
- Size
  
  895KB
- MD5
  
  cc44aeb51e0d3eeca43d5da9af34fd21
- SHA1
  
  2ff758fbb4aae4cdcd9eef8f28d82da18f0e00f9
- SHA256
  
  bd0e627175e5a6862d7e6af202e34288f4b969d7824c9d43b3911baab2931402
- SHA512
  
  e21a7cdd36802a7bdb5fbc435c2c82b124400c9977d5dd6c9d782d7d8068419a32e936262def3c93a3fd9f584db5d80c9de22747b0e18ff012ad76d7fe3e16f0
- SSDEEP
  
  24576:k7/e7Grb/xcCM40qxGdQXiiMw7/+zeDxWxmdg:yeSa2ZGAiiR7HlWZ
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2