1656195d63f0c31cfc0956e652853ae44e1c2ca4c1e078d631112ecae9fc748a | Triage

Sharing

General

Target

1656195d63f0c31cfc0956e652853ae44e1c2ca4c1e078d631112ecae9fc748a
Size

746KB
Sample

221020-tzjd2adchj
MD5

a01206c2ad1d076eca5c8a0a70b80f77
SHA1

06c7540b3ec3a1fe48b22874104f6d5514d287df
SHA256

1656195d63f0c31cfc0956e652853ae44e1c2ca4c1e078d631112ecae9fc748a
SHA512

f8230631ad011d12dd176f991568571248589c27078fdcf93654bbd5adf4aa9596ce6deeb102c185fd1062b4115a1f5bda39741a555555013e40bf8a35f4e7bc
SSDEEP

12288:xvehvlTulb6cK4QJrr186amIWge+RCQdyIMA65xb/T+ZXmwWE43LY/g5BS:xvehvtulbZKXJrr186amIWgVRFyIMX5m

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  1656195d63f0c31cfc0956e652853ae44e1c2ca4c1e078d631112ecae9fc748a
- Size
  
  746KB
- MD5
  
  a01206c2ad1d076eca5c8a0a70b80f77
- SHA1
  
  06c7540b3ec3a1fe48b22874104f6d5514d287df
- SHA256
  
  1656195d63f0c31cfc0956e652853ae44e1c2ca4c1e078d631112ecae9fc748a
- SHA512
  
  f8230631ad011d12dd176f991568571248589c27078fdcf93654bbd5adf4aa9596ce6deeb102c185fd1062b4115a1f5bda39741a555555013e40bf8a35f4e7bc
- SSDEEP
  
  12288:xvehvlTulb6cK4QJrr186amIWge+RCQdyIMA65xb/T+ZXmwWE43LY/g5BS:xvehvtulbZKXJrr186amIWgVRFyIMX5m
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2