cfeb1e670dac64b057eec3d0dee1fff018e64e081b5b67dc54f715a672fe229d | Triage

Sharing

General

Target

cfeb1e670dac64b057eec3d0dee1fff018e64e081b5b67dc54f715a672fe229d
Size

1.1MB
Sample

220919-hynftadee2
MD5

34959373b12605d845f9aaa1b5e6a718
SHA1

dceaabf833dc200642ed945996aef20562d6c5fd
SHA256

cfeb1e670dac64b057eec3d0dee1fff018e64e081b5b67dc54f715a672fe229d
SHA512

984a158d67eecb46526ff15680fda42154bfb974013861c7db5d190ae8ecb7769dc38fef0cb1b67f3a7cf8d0cb33c52f2e560afbca54319b21bbfded6daeb86c
SSDEEP

12288:lenxWYKa5A932NNHoOKGzSDBfy/18Qd1opGJpXWsyFLr7xC76N4bJVVv5LloUEoP:lenMnpquXGzgey5uNwFLr7gBVVvhz1

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  cfeb1e670dac64b057eec3d0dee1fff018e64e081b5b67dc54f715a672fe229d
- Size
  
  1.1MB
- MD5
  
  34959373b12605d845f9aaa1b5e6a718
- SHA1
  
  dceaabf833dc200642ed945996aef20562d6c5fd
- SHA256
  
  cfeb1e670dac64b057eec3d0dee1fff018e64e081b5b67dc54f715a672fe229d
- SHA512
  
  984a158d67eecb46526ff15680fda42154bfb974013861c7db5d190ae8ecb7769dc38fef0cb1b67f3a7cf8d0cb33c52f2e560afbca54319b21bbfded6daeb86c
- SSDEEP
  
  12288:lenxWYKa5A932NNHoOKGzSDBfy/18Qd1opGJpXWsyFLr7xC76N4bJVVv5LloUEoP:lenMnpquXGzgey5uNwFLr7gBVVvhz1
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2