f56e51959e7d56c18f380f5a9ef77e4ddd8d83840d8d23e296e67bd9091d9ebf | Triage

Sharing

General

Target

f56e51959e7d56c18f380f5a9ef77e4ddd8d83840d8d23e296e67bd9091d9ebf
Size

63KB
Sample

221001-1w3rtshcb3
MD5

5743d163d21d7fd3f636f72e90d23205
SHA1

74a0c3592970b5012e98e0cc968b67fb87a66b4a
SHA256

f56e51959e7d56c18f380f5a9ef77e4ddd8d83840d8d23e296e67bd9091d9ebf
SHA512

29c993474bc4ec355f9cc8a54b28dbddcbece7b1697d80430fce36cb6513c679b53d9db9abb4b38741d901bf719c07ca7ff1800c02708634eacb25715acbd7ce
SSDEEP

1536:7v0CePVW5K2uKqxFhphwshnxmYwY3inhJ:7aNW5HuKqxHphwsSYjIJ

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f56e51959e7d56c18f380f5a9ef77e4ddd8d83840d8d23e296e67bd9091d9ebf
- Size
  
  63KB
- MD5
  
  5743d163d21d7fd3f636f72e90d23205
- SHA1
  
  74a0c3592970b5012e98e0cc968b67fb87a66b4a
- SHA256
  
  f56e51959e7d56c18f380f5a9ef77e4ddd8d83840d8d23e296e67bd9091d9ebf
- SHA512
  
  29c993474bc4ec355f9cc8a54b28dbddcbece7b1697d80430fce36cb6513c679b53d9db9abb4b38741d901bf719c07ca7ff1800c02708634eacb25715acbd7ce
- SSDEEP
  
  1536:7v0CePVW5K2uKqxFhphwshnxmYwY3inhJ:7aNW5HuKqxHphwsSYjIJ
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2