513b60fa41c48298495f53a327d21ae78acf60836ddcb5dfd3c9f672d20b9b79 | Triage

Sharing

General

Target

513b60fa41c48298495f53a327d21ae78acf60836ddcb5dfd3c9f672d20b9b79
Size

22KB
Sample

221003-22hvaabdbk
MD5

50b1974f83dd6a3b216505d0eb18bfb4
SHA1

8d46e7d0fd7814fbf7fd061c1ea95128fe89bcd8
SHA256

513b60fa41c48298495f53a327d21ae78acf60836ddcb5dfd3c9f672d20b9b79
SHA512

5bc647ada0f4b616feb38ed17959cdc82288440cb14c5328f1a84282ecb3e79a6144b6286efcd47f4a4048c7d064ce48efe565202661a6f4391fe682437a9f64
SSDEEP

384:PDNBnHLG1wOsbp2X70O0xrvlTiq03za92tPydkJn/4QVZSMzh3:7NBHLlPbp2r6lTiq03/1ydkdZcMh

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  513b60fa41c48298495f53a327d21ae78acf60836ddcb5dfd3c9f672d20b9b79
- Size
  
  22KB
- MD5
  
  50b1974f83dd6a3b216505d0eb18bfb4
- SHA1
  
  8d46e7d0fd7814fbf7fd061c1ea95128fe89bcd8
- SHA256
  
  513b60fa41c48298495f53a327d21ae78acf60836ddcb5dfd3c9f672d20b9b79
- SHA512
  
  5bc647ada0f4b616feb38ed17959cdc82288440cb14c5328f1a84282ecb3e79a6144b6286efcd47f4a4048c7d064ce48efe565202661a6f4391fe682437a9f64
- SSDEEP
  
  384:PDNBnHLG1wOsbp2X70O0xrvlTiq03za92tPydkJn/4QVZSMzh3:7NBHLlPbp2r6lTiq03/1ydkdZcMh
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence