284d9569b524ea0e936b40ee7f201ea19d0730b63ea6d735f98f65b5b62b4401 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

284d9569b524ea0e936b40ee7f201ea19d0730b63ea6d735f98f65b5b62b4401
Size

249KB
Sample

221011-fed2xsfab5
MD5

6513cda52c785b95da80a7397979b468
SHA1

3f1b56c4de86ec7d4dbb8513106d60772521f150
SHA256

284d9569b524ea0e936b40ee7f201ea19d0730b63ea6d735f98f65b5b62b4401
SHA512

402ebed119448cf592ee5f85bdd1b8219725fc051cc5013f1ed8e281012a5366c76ba5c26f38256c660bc874fbfbcdf29a06369986966ecc83d03e44cf3c31eb
SSDEEP

6144:ebjFFyZaP8MOntdgFKdfUVNXBtFKm4Sn4ZpnJf:eHFFUfkvRtFH4Sgnh

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  284d9569b524ea0e936b40ee7f201ea19d0730b63ea6d735f98f65b5b62b4401
- Size
  
  249KB
- MD5
  
  6513cda52c785b95da80a7397979b468
- SHA1
  
  3f1b56c4de86ec7d4dbb8513106d60772521f150
- SHA256
  
  284d9569b524ea0e936b40ee7f201ea19d0730b63ea6d735f98f65b5b62b4401
- SHA512
  
  402ebed119448cf592ee5f85bdd1b8219725fc051cc5013f1ed8e281012a5366c76ba5c26f38256c660bc874fbfbcdf29a06369986966ecc83d03e44cf3c31eb
- SSDEEP
  
  6144:ebjFFyZaP8MOntdgFKdfUVNXBtFKm4Sn4ZpnJf:eHFFUfkvRtFH4Sgnh
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2