c2980163d69a0bc13373766ea6e0655ca475a35e31f1b7d6858c97fcc5b0ffcb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2980163d69a0bc13373766ea6e0655ca475a35e31f1b7d6858c97fcc5b0ffcb
Size

146KB
Sample

221018-z6y1ysechr
MD5

b4036690336b13bc71a6e2e874a530f3
SHA1

8fa8bb3cd4df6c531fdd93d0d994ac32c374a95f
SHA256

c2980163d69a0bc13373766ea6e0655ca475a35e31f1b7d6858c97fcc5b0ffcb
SHA512

bbb4e10cb1abc959e15709b4742921aa5eddbc953ecb52f2263ba5152130fddf07e0e8bd2be214f90f0f1dc474d2c1394fb03875f4ddae3c9a0d95ee4df690fb
SSDEEP

3072:3LVoDvPd+A4WhkhXDl+i1lApwH08TdTIIIIIIIIIIIIIIIIIIfIIIIyIIIITIII2:ZopGGgbiwU8JK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c2980163d69a0bc13373766ea6e0655ca475a35e31f1b7d6858c97fcc5b0ffcb
- Size
  
  146KB
- MD5
  
  b4036690336b13bc71a6e2e874a530f3
- SHA1
  
  8fa8bb3cd4df6c531fdd93d0d994ac32c374a95f
- SHA256
  
  c2980163d69a0bc13373766ea6e0655ca475a35e31f1b7d6858c97fcc5b0ffcb
- SHA512
  
  bbb4e10cb1abc959e15709b4742921aa5eddbc953ecb52f2263ba5152130fddf07e0e8bd2be214f90f0f1dc474d2c1394fb03875f4ddae3c9a0d95ee4df690fb
- SSDEEP
  
  3072:3LVoDvPd+A4WhkhXDl+i1lApwH08TdTIIIIIIIIIIIIIIIIIIfIIIIyIIIITIII2:ZopGGgbiwU8JK
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence