d001694b33caf9d271140416940b1b5b1ddc9c17d74623c699a1513ded255878 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d001694b33caf9d271140416940b1b5b1ddc9c17d74623c699a1513ded255878
Size

237KB
Sample

221011-cn119saeh2
MD5

65c1263518e125abf8e5edb976ef2c0f
SHA1

6f5a601c20fe1764faa01f05ba7df9bac629006e
SHA256

d001694b33caf9d271140416940b1b5b1ddc9c17d74623c699a1513ded255878
SHA512

e2fef7e8ab97d597ab6b7da97db89639619592476d13097d29e7d6cddc1e1edda0f48a1b0b0c8a01799cafe2c70753f74da3c94730cd300f2bcc6fe8f495809e
SSDEEP

3072:nQRt5qV7WYSQEhWsLbajLViqn4fEKLba/69vkzdmZBWI6:nyrqV7vSQEhWsLeF4pR9vCmZkI6

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  d001694b33caf9d271140416940b1b5b1ddc9c17d74623c699a1513ded255878
- Size
  
  237KB
- MD5
  
  65c1263518e125abf8e5edb976ef2c0f
- SHA1
  
  6f5a601c20fe1764faa01f05ba7df9bac629006e
- SHA256
  
  d001694b33caf9d271140416940b1b5b1ddc9c17d74623c699a1513ded255878
- SHA512
  
  e2fef7e8ab97d597ab6b7da97db89639619592476d13097d29e7d6cddc1e1edda0f48a1b0b0c8a01799cafe2c70753f74da3c94730cd300f2bcc6fe8f495809e
- SSDEEP
  
  3072:nQRt5qV7WYSQEhWsLbajLViqn4fEKLba/69vkzdmZBWI6:nyrqV7vSQEhWsLeF4pR9vCmZkI6
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2