9bd6ac740f14d705d42547c16660905090307179696a814d34c1887649a0a624 | Triage

Sharing

General

Target

9bd6ac740f14d705d42547c16660905090307179696a814d34c1887649a0a624
Size

108KB
Sample

221014-lp1xbshha7
MD5

708a212a9f142d9ee4306a99488959d5
SHA1

44c9df0ee615bea35f19a053f3bd16e49e7e9fd1
SHA256

9bd6ac740f14d705d42547c16660905090307179696a814d34c1887649a0a624
SHA512

32cad6fac8fc5f1270af7bc503c5290de3b22ff2dc311ceaf983de9979159246ddba8de20db7cf6d94a6815adeb86d05f04e6e504553b374f0b47ddd0dbafaf1
SSDEEP

1536:Q5eGqiOaTV+BA5uIpZo/QGoGG8betK4pkSQsVEj:Q5eRiO7GSuGGJ0V+Vm

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9bd6ac740f14d705d42547c16660905090307179696a814d34c1887649a0a624
- Size
  
  108KB
- MD5
  
  708a212a9f142d9ee4306a99488959d5
- SHA1
  
  44c9df0ee615bea35f19a053f3bd16e49e7e9fd1
- SHA256
  
  9bd6ac740f14d705d42547c16660905090307179696a814d34c1887649a0a624
- SHA512
  
  32cad6fac8fc5f1270af7bc503c5290de3b22ff2dc311ceaf983de9979159246ddba8de20db7cf6d94a6815adeb86d05f04e6e504553b374f0b47ddd0dbafaf1
- SSDEEP
  
  1536:Q5eGqiOaTV+BA5uIpZo/QGoGG8betK4pkSQsVEj:Q5eRiO7GSuGGJ0V+Vm
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence