d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c | Triage

Sharing

General

Target

d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c
Size

207KB
Sample

221018-nsymgsfheq
MD5

f642efb542e01bcac68b865878971816
SHA1

e0487e035e0988f4abcf540466e0ba5f1a95dac8
SHA256

d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c
SHA512

6948e12981147ab0233ee59f681b837f75761a1574c83f297b15f0edab7148bd886adb7c975c3aaaa3f746ba4869d2a0229ca596c808169b6cec1b0df4cf4864
SSDEEP

3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unMo:zvEN2U+T6i5LirrllHy4HUcMQY6e

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c
- Size
  
  207KB
- MD5
  
  f642efb542e01bcac68b865878971816
- SHA1
  
  e0487e035e0988f4abcf540466e0ba5f1a95dac8
- SHA256
  
  d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c
- SHA512
  
  6948e12981147ab0233ee59f681b837f75761a1574c83f297b15f0edab7148bd886adb7c975c3aaaa3f746ba4869d2a0229ca596c808169b6cec1b0df4cf4864
- SSDEEP
  
  3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unMo:zvEN2U+T6i5LirrllHy4HUcMQY6e
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence