16bcbe22b0e671c478bb092bdb22f43a811a06d1e101c3e3428243849e1da6b9 | Triage

Sharing

General

Target

16bcbe22b0e671c478bb092bdb22f43a811a06d1e101c3e3428243849e1da6b9
Size

206KB
Sample

221012-rlms7afaek
MD5

7b6610873a942a19ac3e87417d608122
SHA1

aa9f84ebef971e394f994a45367ca3e3f0309e99
SHA256

16bcbe22b0e671c478bb092bdb22f43a811a06d1e101c3e3428243849e1da6b9
SHA512

218e07927a305a0bc1c5379e0e7dd05ae029465317c5866564eb7b2d541d22528cb94ac54339dffd8f19ceeab02c32f333b49198d1b75dfba6a8836989d3ef6f
SSDEEP

3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unpC:zvEN2U+T6i5LirrllHy4HUcMQY6UC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  16bcbe22b0e671c478bb092bdb22f43a811a06d1e101c3e3428243849e1da6b9
- Size
  
  206KB
- MD5
  
  7b6610873a942a19ac3e87417d608122
- SHA1
  
  aa9f84ebef971e394f994a45367ca3e3f0309e99
- SHA256
  
  16bcbe22b0e671c478bb092bdb22f43a811a06d1e101c3e3428243849e1da6b9
- SHA512
  
  218e07927a305a0bc1c5379e0e7dd05ae029465317c5866564eb7b2d541d22528cb94ac54339dffd8f19ceeab02c32f333b49198d1b75dfba6a8836989d3ef6f
- SSDEEP
  
  3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unpC:zvEN2U+T6i5LirrllHy4HUcMQY6UC
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence