5c65ea625328c3c6978e7ea60b9e7ef1cf3bf75a9697cd2d18987869faf32c0e | Triage

Sharing

General

Target

5c65ea625328c3c6978e7ea60b9e7ef1cf3bf75a9697cd2d18987869faf32c0e
Size

455KB
Sample

220919-qcaltsabb4
MD5

1c680c001b3fafd5ab61ef20c05f1553
SHA1

08a43185cda7f8b7b73734c574ba9ef0c4cd2130
SHA256

5c65ea625328c3c6978e7ea60b9e7ef1cf3bf75a9697cd2d18987869faf32c0e
SHA512

4dc3f314f3af28527f11531db3577401ffd493ece7e3f984d092d0bfb15f4047a888fc17f3898bb7f2daa3f8e1c1818e0aa0d0f4b3cce8d55eab95c2d8317706
SSDEEP

12288:yy/vD028/618D4ODwVc2flmIQfWHyftK2NBV4DI:v/o28CzYXVVZftK2NBV4DI

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5c65ea625328c3c6978e7ea60b9e7ef1cf3bf75a9697cd2d18987869faf32c0e
- Size
  
  455KB
- MD5
  
  1c680c001b3fafd5ab61ef20c05f1553
- SHA1
  
  08a43185cda7f8b7b73734c574ba9ef0c4cd2130
- SHA256
  
  5c65ea625328c3c6978e7ea60b9e7ef1cf3bf75a9697cd2d18987869faf32c0e
- SHA512
  
  4dc3f314f3af28527f11531db3577401ffd493ece7e3f984d092d0bfb15f4047a888fc17f3898bb7f2daa3f8e1c1818e0aa0d0f4b3cce8d55eab95c2d8317706
- SSDEEP
  
  12288:yy/vD028/618D4ODwVc2flmIQfWHyftK2NBV4DI:v/o28CzYXVVZftK2NBV4DI
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2