f94f453101a64eea061afffa5c35c95d1fce1ccf26583872f19a9e2a68be40c5 | Triage

Sharing

General

Target

f94f453101a64eea061afffa5c35c95d1fce1ccf26583872f19a9e2a68be40c5
Size

108KB
Sample

221004-dqb1laadc3
MD5

62b2845c8526d0427800505bd3fb841b
SHA1

54c3b7a6668bd90c4ae491bb6aa990f35b35243b
SHA256

f94f453101a64eea061afffa5c35c95d1fce1ccf26583872f19a9e2a68be40c5
SHA512

1f5eca6a1123249551bf159617149c6195a2eab46dc5f7c5bad4d314c942c022392e0bcfcb5ba65bd30f6e999bffbf1193e081b588fe46bc7a461273d1538321
SSDEEP

1536:Q5eGgiOaTV+BA5uIpZo/QGoGG8betK4pkSQsVEj:Q5eLiO7GSuGGJ0V+Vm

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f94f453101a64eea061afffa5c35c95d1fce1ccf26583872f19a9e2a68be40c5
- Size
  
  108KB
- MD5
  
  62b2845c8526d0427800505bd3fb841b
- SHA1
  
  54c3b7a6668bd90c4ae491bb6aa990f35b35243b
- SHA256
  
  f94f453101a64eea061afffa5c35c95d1fce1ccf26583872f19a9e2a68be40c5
- SHA512
  
  1f5eca6a1123249551bf159617149c6195a2eab46dc5f7c5bad4d314c942c022392e0bcfcb5ba65bd30f6e999bffbf1193e081b588fe46bc7a461273d1538321
- SSDEEP
  
  1536:Q5eGgiOaTV+BA5uIpZo/QGoGG8betK4pkSQsVEj:Q5eLiO7GSuGGJ0V+Vm
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence