5359a11089280dc47551f1e046147d0ab72c34f8258a1c9e370a88c354f77308 | Triage

Sharing

General

Target

5359a11089280dc47551f1e046147d0ab72c34f8258a1c9e370a88c354f77308
Size

184KB
Sample

221019-q4pj3aadg3
MD5

a19e0c2683d3fff18ededd502604d6a0
SHA1

d0d3751dbab447f2d3038e2c22d9db9b0704e05c
SHA256

5359a11089280dc47551f1e046147d0ab72c34f8258a1c9e370a88c354f77308
SHA512

a35844f3fe19a63e5167656ad9906dbb7e42ef3bca7e63f149fb3a52320e9e4413ad78183b157c9341b187852390fc0aaa9442b6c7106e6e358fbb8b932704f7
SSDEEP

3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1IW:GWkWXV9wUezUroW+tCmCCfNGhW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5359a11089280dc47551f1e046147d0ab72c34f8258a1c9e370a88c354f77308
- Size
  
  184KB
- MD5
  
  a19e0c2683d3fff18ededd502604d6a0
- SHA1
  
  d0d3751dbab447f2d3038e2c22d9db9b0704e05c
- SHA256
  
  5359a11089280dc47551f1e046147d0ab72c34f8258a1c9e370a88c354f77308
- SHA512
  
  a35844f3fe19a63e5167656ad9906dbb7e42ef3bca7e63f149fb3a52320e9e4413ad78183b157c9341b187852390fc0aaa9442b6c7106e6e358fbb8b932704f7
- SSDEEP
  
  3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1IW:GWkWXV9wUezUroW+tCmCCfNGhW
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence