ec105b3de0dca511f7648d97ee31deaca5077b9a6f35c48bd6d9a409644025c9 | Triage

Sharing

General

Target

ec105b3de0dca511f7648d97ee31deaca5077b9a6f35c48bd6d9a409644025c9
Size

108KB
Sample

221019-z717pshca3
MD5

a20335e836641b508fbf7ed70c2ef46d
SHA1

7fa1929e8ba91b604ab43cc4f36c9a7037074be7
SHA256

ec105b3de0dca511f7648d97ee31deaca5077b9a6f35c48bd6d9a409644025c9
SHA512

d8082b60a21a6ad72461ba819be860ac88c019c4a0f0000655994256928602c1b3c86895a2643bcf94fdb773f08f1a86444502c43383f64459cd1356dcedc624
SSDEEP

1536:3ZlAv1IpcqNRYcQOJ7co0ZLSecHek8cqvY9B/xKPkdWOfGQh6ENN3KqWf7C:613wRYcFco8LVAezFxeWOum/aqWTC

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ec105b3de0dca511f7648d97ee31deaca5077b9a6f35c48bd6d9a409644025c9
- Size
  
  108KB
- MD5
  
  a20335e836641b508fbf7ed70c2ef46d
- SHA1
  
  7fa1929e8ba91b604ab43cc4f36c9a7037074be7
- SHA256
  
  ec105b3de0dca511f7648d97ee31deaca5077b9a6f35c48bd6d9a409644025c9
- SHA512
  
  d8082b60a21a6ad72461ba819be860ac88c019c4a0f0000655994256928602c1b3c86895a2643bcf94fdb773f08f1a86444502c43383f64459cd1356dcedc624
- SSDEEP
  
  1536:3ZlAv1IpcqNRYcQOJ7co0ZLSecHek8cqvY9B/xKPkdWOfGQh6ENN3KqWf7C:613wRYcFco8LVAezFxeWOum/aqWTC
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2