2e511be2c642c3e1431270222038d3481f76511277fdbf1c3d6ba0b5b6ae1f44 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e511be2c642c3e1431270222038d3481f76511277fdbf1c3d6ba0b5b6ae1f44
Size

206KB
Sample

220919-efse9sbafj
MD5

0283e9191edaf9bd3084abe4c58d5f88
SHA1

366440e5b64744adac76544829341fa054287f4e
SHA256

2e511be2c642c3e1431270222038d3481f76511277fdbf1c3d6ba0b5b6ae1f44
SHA512

b9543c5018253852b9a07aa52ea73e5e605b9d1b62e187e283dae788c6f95356bb7dbbb1c0fb23d416f9c51f40e41d21baeda544b1d218ef14ef550decb18aec
SSDEEP

3072:YvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unO:YvEN2U+T6i5LirrllHy4HUcMQY67

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2e511be2c642c3e1431270222038d3481f76511277fdbf1c3d6ba0b5b6ae1f44
- Size
  
  206KB
- MD5
  
  0283e9191edaf9bd3084abe4c58d5f88
- SHA1
  
  366440e5b64744adac76544829341fa054287f4e
- SHA256
  
  2e511be2c642c3e1431270222038d3481f76511277fdbf1c3d6ba0b5b6ae1f44
- SHA512
  
  b9543c5018253852b9a07aa52ea73e5e605b9d1b62e187e283dae788c6f95356bb7dbbb1c0fb23d416f9c51f40e41d21baeda544b1d218ef14ef550decb18aec
- SSDEEP
  
  3072:YvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unO:YvEN2U+T6i5LirrllHy4HUcMQY67
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence