46c031f89e06be1b05f557a40b6ce36143e1e36c7acdcf52c6e0ad63cc90cec7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46c031f89e06be1b05f557a40b6ce36143e1e36c7acdcf52c6e0ad63cc90cec7
Size

65KB
Sample

221003-r4gd5abdg5
MD5

6e7696f146ceb715535703e65b2bbaf0
SHA1

523b89f1fbf5d86a1098f7b75f0c5a15bd0ae06c
SHA256

46c031f89e06be1b05f557a40b6ce36143e1e36c7acdcf52c6e0ad63cc90cec7
SHA512

255b40a9dcb120ac3e19f8b0d3461d677f8251736302fc3e9f8dd270b9f7a917261d506747bf5f4625aa4bf823db2afaad114d331436d040c2e12f38dc97dc85
SSDEEP

1536:EvHWn2n30Pzh5Oi3J82AaIiX+mITk9+Q4J9cOlj7rn:nnu0PjdtON24EOB7

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  46c031f89e06be1b05f557a40b6ce36143e1e36c7acdcf52c6e0ad63cc90cec7
- Size
  
  65KB
- MD5
  
  6e7696f146ceb715535703e65b2bbaf0
- SHA1
  
  523b89f1fbf5d86a1098f7b75f0c5a15bd0ae06c
- SHA256
  
  46c031f89e06be1b05f557a40b6ce36143e1e36c7acdcf52c6e0ad63cc90cec7
- SHA512
  
  255b40a9dcb120ac3e19f8b0d3461d677f8251736302fc3e9f8dd270b9f7a917261d506747bf5f4625aa4bf823db2afaad114d331436d040c2e12f38dc97dc85
- SSDEEP
  
  1536:EvHWn2n30Pzh5Oi3J82AaIiX+mITk9+Q4J9cOlj7rn:nnu0PjdtON24EOB7
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2