a3f52eac38f223dd022487ac99aeb13a7d1f12eded99c62af52e98a6aeed411a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3f52eac38f223dd022487ac99aeb13a7d1f12eded99c62af52e98a6aeed411a
Size

274KB
Sample

221019-qj7vxahdf2
MD5

a25c4eab031e5b11966c78e891bbd18e
SHA1

83c27223aa1ae819d2f690d20ba34436be5c3714
SHA256

a3f52eac38f223dd022487ac99aeb13a7d1f12eded99c62af52e98a6aeed411a
SHA512

2b5bf0166f161100b458e451cd4a5c4953ef8d197b1c2504bd8b383c06e6fabf49bc918889881fbee37cc33e491bf589b204d97ed76d6de5e9fd4ed7f50db57e
SSDEEP

3072:Gbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAV:Gbl5RKgOGqml80FrgTRHGvJI08iYL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a3f52eac38f223dd022487ac99aeb13a7d1f12eded99c62af52e98a6aeed411a
- Size
  
  274KB
- MD5
  
  a25c4eab031e5b11966c78e891bbd18e
- SHA1
  
  83c27223aa1ae819d2f690d20ba34436be5c3714
- SHA256
  
  a3f52eac38f223dd022487ac99aeb13a7d1f12eded99c62af52e98a6aeed411a
- SHA512
  
  2b5bf0166f161100b458e451cd4a5c4953ef8d197b1c2504bd8b383c06e6fabf49bc918889881fbee37cc33e491bf589b204d97ed76d6de5e9fd4ed7f50db57e
- SSDEEP
  
  3072:Gbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAV:Gbl5RKgOGqml80FrgTRHGvJI08iYL
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence