f8c9c16f93a8ad5942fc9c8eaf432f4ad3644c857534d9878e673fe84b5bde7f | Triage

Sharing

General

Target

f8c9c16f93a8ad5942fc9c8eaf432f4ad3644c857534d9878e673fe84b5bde7f
Size

152KB
Sample

221004-bcgyksegd4
MD5

65ef4e88bfd8cf762a53043115dc272b
SHA1

f4f00108124e736815525ee541bbcc5ecd3b7c41
SHA256

f8c9c16f93a8ad5942fc9c8eaf432f4ad3644c857534d9878e673fe84b5bde7f
SHA512

96ecea4365be6a6263010f7321a43ff5a99f6599b41750bde7366f69f3d0178bca1c554e44c13ae54d383645073b702c7549bdd8ba609056c195cd5164302568
SSDEEP

3072:+3eENKJm2/EJfG1wk/qCdcpHvAZXjKCd4lc3E7DL1L:+eENKEvfer2vkXBXiD

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f8c9c16f93a8ad5942fc9c8eaf432f4ad3644c857534d9878e673fe84b5bde7f
- Size
  
  152KB
- MD5
  
  65ef4e88bfd8cf762a53043115dc272b
- SHA1
  
  f4f00108124e736815525ee541bbcc5ecd3b7c41
- SHA256
  
  f8c9c16f93a8ad5942fc9c8eaf432f4ad3644c857534d9878e673fe84b5bde7f
- SHA512
  
  96ecea4365be6a6263010f7321a43ff5a99f6599b41750bde7366f69f3d0178bca1c554e44c13ae54d383645073b702c7549bdd8ba609056c195cd5164302568
- SSDEEP
  
  3072:+3eENKJm2/EJfG1wk/qCdcpHvAZXjKCd4lc3E7DL1L:+eENKEvfer2vkXBXiD
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2