bf251a5a5f8af44135a4d2d6662796f6c4cb53fed7453628113e434f08e9d07a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf251a5a5f8af44135a4d2d6662796f6c4cb53fed7453628113e434f08e9d07a
Size

83KB
Sample

221002-3lwa4sfee2
MD5

4dcae7fc350fa0741400bae824dc0ad6
SHA1

b22a23d80eee8c2fcd2cf6e143159ad0967b3512
SHA256

bf251a5a5f8af44135a4d2d6662796f6c4cb53fed7453628113e434f08e9d07a
SHA512

bfcd21210a26b358c17b59dfac4daf82a33d3e0d0635699569d0efd883a1e60455b8f09135e4f9f73c9f14f5223aca9141f374d5967a14c88a0166f82afa4715
SSDEEP

1536:0FGWJzMPMcbji/SBTjH9fJMHVZoRoIdRKzcEitG8wpEgDbXV4DoPVHP:6GWlgRbjim7QZoRotzcmEBuP

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  bf251a5a5f8af44135a4d2d6662796f6c4cb53fed7453628113e434f08e9d07a
- Size
  
  83KB
- MD5
  
  4dcae7fc350fa0741400bae824dc0ad6
- SHA1
  
  b22a23d80eee8c2fcd2cf6e143159ad0967b3512
- SHA256
  
  bf251a5a5f8af44135a4d2d6662796f6c4cb53fed7453628113e434f08e9d07a
- SHA512
  
  bfcd21210a26b358c17b59dfac4daf82a33d3e0d0635699569d0efd883a1e60455b8f09135e4f9f73c9f14f5223aca9141f374d5967a14c88a0166f82afa4715
- SSDEEP
  
  1536:0FGWJzMPMcbji/SBTjH9fJMHVZoRoIdRKzcEitG8wpEgDbXV4DoPVHP:6GWlgRbjim7QZoRotzcmEBuP
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2