15bbc78a09aa3c9cefa20401714202fa2df960363cafcd83692477ed1b030c6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15bbc78a09aa3c9cefa20401714202fa2df960363cafcd83692477ed1b030c6f
Size

288KB
Sample

221020-cfr4dshghq
MD5

749fecb39f50fbe616b7cd37f046487c
SHA1

5c04ae00da7a32a2b24f62042ceda531d8f5967b
SHA256

15bbc78a09aa3c9cefa20401714202fa2df960363cafcd83692477ed1b030c6f
SHA512

d3d174e9f6ca210f61f1ccade05ebe8d0fa8750e91ef2126509ef0f26791d9ed5741e441a2bf019f31d3b7529f4f9002159d339d6b42bdec65c11bfe1095e09a
SSDEEP

1536:vvf1zwQVgdYYuAXyeHl0BTFXEqkEgOUXhQp1of1zwQVgvKa60+:vn1zwLyYuAXyeaTFbkEg1Qp1o1zwLvK

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  15bbc78a09aa3c9cefa20401714202fa2df960363cafcd83692477ed1b030c6f
- Size
  
  288KB
- MD5
  
  749fecb39f50fbe616b7cd37f046487c
- SHA1
  
  5c04ae00da7a32a2b24f62042ceda531d8f5967b
- SHA256
  
  15bbc78a09aa3c9cefa20401714202fa2df960363cafcd83692477ed1b030c6f
- SHA512
  
  d3d174e9f6ca210f61f1ccade05ebe8d0fa8750e91ef2126509ef0f26791d9ed5741e441a2bf019f31d3b7529f4f9002159d339d6b42bdec65c11bfe1095e09a
- SSDEEP
  
  1536:vvf1zwQVgdYYuAXyeHl0BTFXEqkEgOUXhQp1of1zwQVgvKa60+:vn1zwLyYuAXyeaTFbkEg1Qp1o1zwLvK
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2