7bd7534bc2d1f682d4a01b23d21f079bdbeac3609bff37ccc32a291c1739c47a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7bd7534bc2d1f682d4a01b23d21f079bdbeac3609bff37ccc32a291c1739c47a
Size

88KB
Sample

221020-khc19adhc5
MD5

80d56654531aa5520238b0dbddaf7e80
SHA1

96d5d6a5722fae7444c947e9ef457d477658009e
SHA256

7bd7534bc2d1f682d4a01b23d21f079bdbeac3609bff37ccc32a291c1739c47a
SHA512

0834df7415a1b15ae140e2c7bf29d27175008c8b45e5387728802c8d1d9d46d2014c943f968f5cdf905222d237ba3c65c7eda793cf3a4eac739784266afaea50
SSDEEP

1536:/bNceAT5ncoGf+c9na5U7vG++zXpkSy1Lq5bYrFF/pgFDo:/hAhtc9ncU7vGxdkS1Crn/iFD

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  7bd7534bc2d1f682d4a01b23d21f079bdbeac3609bff37ccc32a291c1739c47a
- Size
  
  88KB
- MD5
  
  80d56654531aa5520238b0dbddaf7e80
- SHA1
  
  96d5d6a5722fae7444c947e9ef457d477658009e
- SHA256
  
  7bd7534bc2d1f682d4a01b23d21f079bdbeac3609bff37ccc32a291c1739c47a
- SHA512
  
  0834df7415a1b15ae140e2c7bf29d27175008c8b45e5387728802c8d1d9d46d2014c943f968f5cdf905222d237ba3c65c7eda793cf3a4eac739784266afaea50
- SSDEEP
  
  1536:/bNceAT5ncoGf+c9na5U7vG++zXpkSy1Lq5bYrFF/pgFDo:/hAhtc9ncU7vGxdkS1Crn/iFD
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2