b1e4f4585ce7d68a60f8520e59d9d5aebb12fd83b0c2b136ff6d8555a0667aa3 | Triage

Sharing

General

Target

b1e4f4585ce7d68a60f8520e59d9d5aebb12fd83b0c2b136ff6d8555a0667aa3
Size

92KB
Sample

221020-g3v6sahde3
MD5

5753b32bf2bfe3306f54224e4aa0ebc0
SHA1

d8d8331cdd701b1e8078fdc42c98325dba06bafb
SHA256

b1e4f4585ce7d68a60f8520e59d9d5aebb12fd83b0c2b136ff6d8555a0667aa3
SHA512

fefe503b7910bdac4c3db060ee1d8cdc94f14193795090e86e677752652c925a96976e5fa2de22b6c85df4b3494f3dda7d79fea261d6882c1d617d077deb215e
SSDEEP

1536:D5Oez5Xem956TyzdJecqm4TNmVYc+kmMyRoV0fThs6wniUydnHq:DQY5X99PscY+T+VvfVs6wnSB

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b1e4f4585ce7d68a60f8520e59d9d5aebb12fd83b0c2b136ff6d8555a0667aa3
- Size
  
  92KB
- MD5
  
  5753b32bf2bfe3306f54224e4aa0ebc0
- SHA1
  
  d8d8331cdd701b1e8078fdc42c98325dba06bafb
- SHA256
  
  b1e4f4585ce7d68a60f8520e59d9d5aebb12fd83b0c2b136ff6d8555a0667aa3
- SHA512
  
  fefe503b7910bdac4c3db060ee1d8cdc94f14193795090e86e677752652c925a96976e5fa2de22b6c85df4b3494f3dda7d79fea261d6882c1d617d077deb215e
- SSDEEP
  
  1536:D5Oez5Xem956TyzdJecqm4TNmVYc+kmMyRoV0fThs6wniUydnHq:DQY5X99PscY+T+VvfVs6wnSB
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2