eaee5c8cee15632c06618262b7c8611afb3693bafddc2a29f40f70cccd76614b | Triage

Sharing

General

Target

eaee5c8cee15632c06618262b7c8611afb3693bafddc2a29f40f70cccd76614b
Size

572KB
Sample

221010-3pykmseefl
MD5

455e9f029f5f2fbd8789fc271e5123a0
SHA1

a788711a4039f94e1ac2c20687330edcf02461c5
SHA256

eaee5c8cee15632c06618262b7c8611afb3693bafddc2a29f40f70cccd76614b
SHA512

d0a1d4d69be3994802b435a12ff874573cf452035a59521ae865e9329739a187d118123d7529104d09839a071f086a6a9df2cbad85113bf99cc3abbb8b18add5
SSDEEP

12288:j0/zSknQPmbFlXTPhvHA7azeJrk8h2RvLaB:RqbFR9A7aCDh+eB

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  eaee5c8cee15632c06618262b7c8611afb3693bafddc2a29f40f70cccd76614b
- Size
  
  572KB
- MD5
  
  455e9f029f5f2fbd8789fc271e5123a0
- SHA1
  
  a788711a4039f94e1ac2c20687330edcf02461c5
- SHA256
  
  eaee5c8cee15632c06618262b7c8611afb3693bafddc2a29f40f70cccd76614b
- SHA512
  
  d0a1d4d69be3994802b435a12ff874573cf452035a59521ae865e9329739a187d118123d7529104d09839a071f086a6a9df2cbad85113bf99cc3abbb8b18add5
- SSDEEP
  
  12288:j0/zSknQPmbFlXTPhvHA7azeJrk8h2RvLaB:RqbFR9A7aCDh+eB
Score

8^/10

persistence
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2