33f693d3443ad0aa42ea2eb4e3f68cb97c069802c9cd3bd478c6a1be5d0d4499 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33f693d3443ad0aa42ea2eb4e3f68cb97c069802c9cd3bd478c6a1be5d0d4499
Size

1.3MB
Sample

221020-mtxwxaabgl
MD5

81145e903a7537ffddea2037beb5d885
SHA1

84e65be57f44c094a4bbf6633b3a0f1d0f44368b
SHA256

33f693d3443ad0aa42ea2eb4e3f68cb97c069802c9cd3bd478c6a1be5d0d4499
SHA512

15540dfc4ec02a61767e17902f172b86c505db630ccb59a2ebd168c033e93cbc67564319274b8edbb736b28e78ec646cd9545f8e80e5b0a05d17a73b5213c772
SSDEEP

1536:FXTSHQ+AWwXpPhttIf1zwQVgv/qflVkSkwNegiYaZ:FjG4pPhLI1zwLv/2IfwNegin

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  33f693d3443ad0aa42ea2eb4e3f68cb97c069802c9cd3bd478c6a1be5d0d4499
- Size
  
  1.3MB
- MD5
  
  81145e903a7537ffddea2037beb5d885
- SHA1
  
  84e65be57f44c094a4bbf6633b3a0f1d0f44368b
- SHA256
  
  33f693d3443ad0aa42ea2eb4e3f68cb97c069802c9cd3bd478c6a1be5d0d4499
- SHA512
  
  15540dfc4ec02a61767e17902f172b86c505db630ccb59a2ebd168c033e93cbc67564319274b8edbb736b28e78ec646cd9545f8e80e5b0a05d17a73b5213c772
- SSDEEP
  
  1536:FXTSHQ+AWwXpPhttIf1zwQVgv/qflVkSkwNegiYaZ:FjG4pPhLI1zwLv/2IfwNegin
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2