0912b182e48543080e6392658f56a564690d58788c7f7c905effa8e5e4167699 | Triage

Sharing

General

Target

0912b182e48543080e6392658f56a564690d58788c7f7c905effa8e5e4167699
Size

66KB
Sample

221001-z5qm7ahccn
MD5

61b0277303976c2bb3d27a100787c194
SHA1

3b23ab16fa7137bc399ab537bab42000fb79ec6e
SHA256

0912b182e48543080e6392658f56a564690d58788c7f7c905effa8e5e4167699
SHA512

df4997f999f2a3141d1bed6038c319c9139cfe64a61e3cf361636af290da37eb8a5af97044d7ba1d3fc5faa75cc7e22164df6308b440fb0e203e2d26d8c634af
SSDEEP

1536:qs/iYvnnkx/fv2faimpgH21j3M5fd1gCYN:/4fvQamSMZfs

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0912b182e48543080e6392658f56a564690d58788c7f7c905effa8e5e4167699
- Size
  
  66KB
- MD5
  
  61b0277303976c2bb3d27a100787c194
- SHA1
  
  3b23ab16fa7137bc399ab537bab42000fb79ec6e
- SHA256
  
  0912b182e48543080e6392658f56a564690d58788c7f7c905effa8e5e4167699
- SHA512
  
  df4997f999f2a3141d1bed6038c319c9139cfe64a61e3cf361636af290da37eb8a5af97044d7ba1d3fc5faa75cc7e22164df6308b440fb0e203e2d26d8c634af
- SSDEEP
  
  1536:qs/iYvnnkx/fv2faimpgH21j3M5fd1gCYN:/4fvQamSMZfs
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2