78bd069d6b2a1e617941b71b6953e0a8c792f49d3afbf3663610d60e280048fa | Triage

Sharing

General

Target

tmp
Size

320KB
Sample

221007-xdlttaddan
MD5

79c8aec89b55f0fd893c5358cfe66634
SHA1

cb1065ed12890f9dfa599e94c559626129f9efcb
SHA256

78bd069d6b2a1e617941b71b6953e0a8c792f49d3afbf3663610d60e280048fa
SHA512

8f0080961607b102006594f33904b2e61346c4465874807e411a61d8ac08b3abb186736549161e1ce09910fc3c87f37e1a4052cbb88e8207c9b7b80668fa6ffd
SSDEEP

6144:L2CgfxElP8isat6Z475cw0npnlSLmarpUguiVuVTEryN+9t7NS:L2YR2DEknwaaFUZiVuK7

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  tmp
- Size
  
  320KB
- MD5
  
  79c8aec89b55f0fd893c5358cfe66634
- SHA1
  
  cb1065ed12890f9dfa599e94c559626129f9efcb
- SHA256
  
  78bd069d6b2a1e617941b71b6953e0a8c792f49d3afbf3663610d60e280048fa
- SHA512
  
  8f0080961607b102006594f33904b2e61346c4465874807e411a61d8ac08b3abb186736549161e1ce09910fc3c87f37e1a4052cbb88e8207c9b7b80668fa6ffd
- SSDEEP
  
  6144:L2CgfxElP8isat6Z475cw0npnlSLmarpUguiVuVTEryN+9t7NS:L2YR2DEknwaaFUZiVuK7
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2