e22dfa78ab72af556afa8b7f6ee7e7d831cf43e3ced76e62e83feddaa43c36da | Triage

Sharing

General

Target

e22dfa78ab72af556afa8b7f6ee7e7d831cf43e3ced76e62e83feddaa43c36da
Size

206KB
Sample

221018-p8nb5afhc2
MD5

31544ee3caa4bbee6b4acdcfc6a62d00
SHA1

85c674a12e471e81d7d31354e28ccdd26c78ff30
SHA256

e22dfa78ab72af556afa8b7f6ee7e7d831cf43e3ced76e62e83feddaa43c36da
SHA512

8f667a7ae266a87f8227fad14788080136cb38fdb7edb0442076e3f7e51b095a2b4e7dc719cf7d0ef7d1cc1eb304d78d3120cc388949d4f8af8d0b59f65a20e5
SSDEEP

3072:2vEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6uniNeZ:2vEN2U+T6i5LirrllHy4HUcMQY6VEZ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e22dfa78ab72af556afa8b7f6ee7e7d831cf43e3ced76e62e83feddaa43c36da
- Size
  
  206KB
- MD5
  
  31544ee3caa4bbee6b4acdcfc6a62d00
- SHA1
  
  85c674a12e471e81d7d31354e28ccdd26c78ff30
- SHA256
  
  e22dfa78ab72af556afa8b7f6ee7e7d831cf43e3ced76e62e83feddaa43c36da
- SHA512
  
  8f667a7ae266a87f8227fad14788080136cb38fdb7edb0442076e3f7e51b095a2b4e7dc719cf7d0ef7d1cc1eb304d78d3120cc388949d4f8af8d0b59f65a20e5
- SSDEEP
  
  3072:2vEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6uniNeZ:2vEN2U+T6i5LirrllHy4HUcMQY6VEZ
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence