6a39251312c73f3d9f7cea127921c093172b42ab1402b8cf6b6535ef741f171c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a39251312c73f3d9f7cea127921c093172b42ab1402b8cf6b6535ef741f171c
Size

151KB
Sample

221019-2lgx2sbegq
MD5

a11bf130e0beed0f577ce4c5e8c10320
SHA1

9ed9b401f40f476daa5434daa8d77525ccf0dfb0
SHA256

6a39251312c73f3d9f7cea127921c093172b42ab1402b8cf6b6535ef741f171c
SHA512

36beeb07f59d705795017dbdfcfac5f4d340744194f423dc4b7dc9bd40be1e49b1da3404986450378bd008e898695e13177bc12d0f549c293402b54a8c81b088
SSDEEP

3072:RnAcJXCXBZ4oCOWrgrrrN0W3LoZYgj6HhtToaD032cdkOpsjxSfOkTUndnsD:RnhWzwgHOW3LiBjWBoaDKdkSsjDa

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6a39251312c73f3d9f7cea127921c093172b42ab1402b8cf6b6535ef741f171c
- Size
  
  151KB
- MD5
  
  a11bf130e0beed0f577ce4c5e8c10320
- SHA1
  
  9ed9b401f40f476daa5434daa8d77525ccf0dfb0
- SHA256
  
  6a39251312c73f3d9f7cea127921c093172b42ab1402b8cf6b6535ef741f171c
- SHA512
  
  36beeb07f59d705795017dbdfcfac5f4d340744194f423dc4b7dc9bd40be1e49b1da3404986450378bd008e898695e13177bc12d0f549c293402b54a8c81b088
- SSDEEP
  
  3072:RnAcJXCXBZ4oCOWrgrrrN0W3LoZYgj6HhtToaD032cdkOpsjxSfOkTUndnsD:RnhWzwgHOW3LiBjWBoaDKdkSsjDa
Score

8^/10

persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2