dffb055fe04330c536197106de96bb91f905d35887da0566b799dfc0d9f1ec81 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dffb055fe04330c536197106de96bb91f905d35887da0566b799dfc0d9f1ec81
Size

136KB
Sample

221020-z85arafcf2
MD5

96253d36b947f8285f0f2871c49a12e1
SHA1

23a01d600f2f0e13305697486f51aa1b4ef9e189
SHA256

dffb055fe04330c536197106de96bb91f905d35887da0566b799dfc0d9f1ec81
SHA512

b689116f35a3bac83718f74320b4c8dedb4c7d17a8643af803c5323c9057acda08417cfbb4687ad20a83e01070543c8de512a52dcbe33a601c68a6504b943a0a
SSDEEP

3072:kUGTaiwM7tFOiWgU9oiZthCg+A713/NPvZWAu6+NBe:kp+51vNPhWAu6+Nc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  dffb055fe04330c536197106de96bb91f905d35887da0566b799dfc0d9f1ec81
- Size
  
  136KB
- MD5
  
  96253d36b947f8285f0f2871c49a12e1
- SHA1
  
  23a01d600f2f0e13305697486f51aa1b4ef9e189
- SHA256
  
  dffb055fe04330c536197106de96bb91f905d35887da0566b799dfc0d9f1ec81
- SHA512
  
  b689116f35a3bac83718f74320b4c8dedb4c7d17a8643af803c5323c9057acda08417cfbb4687ad20a83e01070543c8de512a52dcbe33a601c68a6504b943a0a
- SSDEEP
  
  3072:kUGTaiwM7tFOiWgU9oiZthCg+A713/NPvZWAu6+NBe:kp+51vNPhWAu6+Nc
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence