6b425b29d61cc55f1a2a37349a429ad0e4c8d32526f9e89fcaf1f54326c8ef25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b425b29d61cc55f1a2a37349a429ad0e4c8d32526f9e89fcaf1f54326c8ef25
Size

86KB
Sample

221003-kkd2bsfea7
MD5

6cec9310663d45830074e0f7bdb482d0
SHA1

7e9c49b228fc66e28bff855f1b4cc4bda77c34aa
SHA256

6b425b29d61cc55f1a2a37349a429ad0e4c8d32526f9e89fcaf1f54326c8ef25
SHA512

f3aa85601f9be4382ce8a9c905e1c1ef963000bec05a59f9ff1d7adb4c6872ca6132461f912c75d0ef560032801e815a27b060d02beca68b3f8b1d1d6bf19956
SSDEEP

1536:wtAnk3zTm9VPv5noyHccVyASEr2ovcI/SnYiDN/G:2AnkWRoyHDIskIKYKN/

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  6b425b29d61cc55f1a2a37349a429ad0e4c8d32526f9e89fcaf1f54326c8ef25
- Size
  
  86KB
- MD5
  
  6cec9310663d45830074e0f7bdb482d0
- SHA1
  
  7e9c49b228fc66e28bff855f1b4cc4bda77c34aa
- SHA256
  
  6b425b29d61cc55f1a2a37349a429ad0e4c8d32526f9e89fcaf1f54326c8ef25
- SHA512
  
  f3aa85601f9be4382ce8a9c905e1c1ef963000bec05a59f9ff1d7adb4c6872ca6132461f912c75d0ef560032801e815a27b060d02beca68b3f8b1d1d6bf19956
- SSDEEP
  
  1536:wtAnk3zTm9VPv5noyHccVyASEr2ovcI/SnYiDN/G:2AnkWRoyHDIskIKYKN/
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2