0f71f379db3ff37fcca05d0a08542afeffec018ad8f22617f37965aa6a5fde21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f71f379db3ff37fcca05d0a08542afeffec018ad8f22617f37965aa6a5fde21
Size

261KB
Sample

221020-zg46nsdhg3
MD5

96e5a9de91aa21b8d59e5680bc8e98a0
SHA1

f7ec2873abc2ad78587f2affbdb6e9ae5e876017
SHA256

0f71f379db3ff37fcca05d0a08542afeffec018ad8f22617f37965aa6a5fde21
SHA512

5dc639d23bc8a108999ad59b1383f5078bc5caf70c4ef0fea4f6189e9b0ae8454a1a514814bc7be843c79f5685bfae7433af90161f4949662adcb17fbda3da6b
SSDEEP

6144:lFcHD8/oPXwlhYtkRnLbstrHxrLWpwcHA6Q8o+mEX8YG:wLXdtkRnM5pLWOF6QkX8Y

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0f71f379db3ff37fcca05d0a08542afeffec018ad8f22617f37965aa6a5fde21
- Size
  
  261KB
- MD5
  
  96e5a9de91aa21b8d59e5680bc8e98a0
- SHA1
  
  f7ec2873abc2ad78587f2affbdb6e9ae5e876017
- SHA256
  
  0f71f379db3ff37fcca05d0a08542afeffec018ad8f22617f37965aa6a5fde21
- SHA512
  
  5dc639d23bc8a108999ad59b1383f5078bc5caf70c4ef0fea4f6189e9b0ae8454a1a514814bc7be843c79f5685bfae7433af90161f4949662adcb17fbda3da6b
- SSDEEP
  
  6144:lFcHD8/oPXwlhYtkRnLbstrHxrLWpwcHA6Q8o+mEX8YG:wLXdtkRnM5pLWOF6QkX8Y
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2