e79461ab557c32069b7b6e28ff1412c3da2d9627c5d0bb6bf7f9606231b15122 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e79461ab557c32069b7b6e28ff1412c3da2d9627c5d0bb6bf7f9606231b15122
Size

32KB
Sample

221002-18s36aefal
MD5

326f8d7ff5ecbddd1658e6dbf3b0bef0
SHA1

d270fa5e7c518b77b4641915ec5df191b4e0d498
SHA256

e79461ab557c32069b7b6e28ff1412c3da2d9627c5d0bb6bf7f9606231b15122
SHA512

82bcad896193a753218509b51013787461166ab01be28406ad12e6b4bc6215fcc380caa727dda6f670edd09e1710ccceba882eaa85b7d74feb34c8125d97574f
SSDEEP

768:MKksiHDXKSzU92zeISSj2r0XmKde+fjzFTJu8xRWJB:AHDXKR2zVr2QXHdNzZMYRWJB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e79461ab557c32069b7b6e28ff1412c3da2d9627c5d0bb6bf7f9606231b15122
- Size
  
  32KB
- MD5
  
  326f8d7ff5ecbddd1658e6dbf3b0bef0
- SHA1
  
  d270fa5e7c518b77b4641915ec5df191b4e0d498
- SHA256
  
  e79461ab557c32069b7b6e28ff1412c3da2d9627c5d0bb6bf7f9606231b15122
- SHA512
  
  82bcad896193a753218509b51013787461166ab01be28406ad12e6b4bc6215fcc380caa727dda6f670edd09e1710ccceba882eaa85b7d74feb34c8125d97574f
- SSDEEP
  
  768:MKksiHDXKSzU92zeISSj2r0XmKde+fjzFTJu8xRWJB:AHDXKR2zVr2QXHdNzZMYRWJB
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence