d1fc787c175c704e0a58cd87b50c817eaa075d0c839844f7fe688ad79c58747e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1fc787c175c704e0a58cd87b50c817eaa075d0c839844f7fe688ad79c58747e
Size

332KB
Sample

221011-hfbz3aaea8
MD5

7943505456eefd1bdcbae9d9a6dd88a1
SHA1

651c6d222b3e361a2926288e247ed283836be3f0
SHA256

d1fc787c175c704e0a58cd87b50c817eaa075d0c839844f7fe688ad79c58747e
SHA512

20ad8491ca847960779b9edab7b311159c38c98b1f9444cbf87c0ceff0537112ff18b6a8b18460564331160cbe6cf9144422ab70cf6b5c6a15300cac975f1944
SSDEEP

6144:xaNJmnQo41QAOMwEIzUjQiZZvEYqWnKZ+pnVaA:x234BEIYjQWvrq1snkA

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d1fc787c175c704e0a58cd87b50c817eaa075d0c839844f7fe688ad79c58747e
- Size
  
  332KB
- MD5
  
  7943505456eefd1bdcbae9d9a6dd88a1
- SHA1
  
  651c6d222b3e361a2926288e247ed283836be3f0
- SHA256
  
  d1fc787c175c704e0a58cd87b50c817eaa075d0c839844f7fe688ad79c58747e
- SHA512
  
  20ad8491ca847960779b9edab7b311159c38c98b1f9444cbf87c0ceff0537112ff18b6a8b18460564331160cbe6cf9144422ab70cf6b5c6a15300cac975f1944
- SSDEEP
  
  6144:xaNJmnQo41QAOMwEIzUjQiZZvEYqWnKZ+pnVaA:x234BEIYjQWvrq1snkA
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2