6da566292ecbe1fac6f0c5cb5125735a120cb4b7714dc3f72de5e65a2af7a768 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6da566292ecbe1fac6f0c5cb5125735a120cb4b7714dc3f72de5e65a2af7a768
Size

104KB
Sample

221004-cbbwlsgcbp
MD5

68c1f1475dea760ece069e0a11436b21
SHA1

0b530a3d136ae7ccc3ef986b8f448882f8590ba4
SHA256

6da566292ecbe1fac6f0c5cb5125735a120cb4b7714dc3f72de5e65a2af7a768
SHA512

eee7c36ecad39207e0d08f066bd0f85e479185cc99b829e0447a739b311cbabc07e5470097f027ef43a0977f17979c7e17eba3927b83e812936fb8eab0b212c9
SSDEEP

1536:JcEjbuGtzyf4Ac3gPc/9mrRu4UPoIPEnyigGi497Q2X87GW1sys/+cy6:Lb57Ac3X/grkNgIPyyFGiG7Q2YoWc

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  6da566292ecbe1fac6f0c5cb5125735a120cb4b7714dc3f72de5e65a2af7a768
- Size
  
  104KB
- MD5
  
  68c1f1475dea760ece069e0a11436b21
- SHA1
  
  0b530a3d136ae7ccc3ef986b8f448882f8590ba4
- SHA256
  
  6da566292ecbe1fac6f0c5cb5125735a120cb4b7714dc3f72de5e65a2af7a768
- SHA512
  
  eee7c36ecad39207e0d08f066bd0f85e479185cc99b829e0447a739b311cbabc07e5470097f027ef43a0977f17979c7e17eba3927b83e812936fb8eab0b212c9
- SSDEEP
  
  1536:JcEjbuGtzyf4Ac3gPc/9mrRu4UPoIPEnyigGi497Q2X87GW1sys/+cy6:Lb57Ac3X/grkNgIPyyFGiG7Q2YoWc
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2