a70135b5613e1ccd135f34bd8a744b9f57bea88c41a61a6a80906e4250f4dd01 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a70135b5613e1ccd135f34bd8a744b9f57bea88c41a61a6a80906e4250f4dd01
Size

44KB
Sample

220919-ld9ebsadb5
MD5

83861c6fe384d85ca01dd217a4b61675
SHA1

ef094fe2b732307f883010c4c475f43e949ee1c6
SHA256

a70135b5613e1ccd135f34bd8a744b9f57bea88c41a61a6a80906e4250f4dd01
SHA512

e6754f4955e5f2aca57d43af2da47a9b1a14d3f5e047f91ad4f8d6a0af5b717447c43376dff3688e7414ee7749dda927d6d84e444e568d2fb646fd2c33215166
SSDEEP

768:pqCFGC6IlWi4KlBmRxiy4yKFtaWxp96Vg5EWS8Wb:pqzC6Ici4KbmRjMtXwkEt

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a70135b5613e1ccd135f34bd8a744b9f57bea88c41a61a6a80906e4250f4dd01
- Size
  
  44KB
- MD5
  
  83861c6fe384d85ca01dd217a4b61675
- SHA1
  
  ef094fe2b732307f883010c4c475f43e949ee1c6
- SHA256
  
  a70135b5613e1ccd135f34bd8a744b9f57bea88c41a61a6a80906e4250f4dd01
- SHA512
  
  e6754f4955e5f2aca57d43af2da47a9b1a14d3f5e047f91ad4f8d6a0af5b717447c43376dff3688e7414ee7749dda927d6d84e444e568d2fb646fd2c33215166
- SSDEEP
  
  768:pqCFGC6IlWi4KlBmRxiy4yKFtaWxp96Vg5EWS8Wb:pqzC6Ici4KbmRjMtXwkEt
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2