ee3473538e74bab5389a62ebc5e9298d979834b3269523ffbfaa2d61ea013c76 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ee3473538e74bab5389a62ebc5e9298d979834b3269523ffbfaa2d61ea013c76
Size

1.2MB
Sample

221021-b8tl9afdh9
MD5

7a248240fc925d971d9fbbfffacc6ea9
SHA1

0c3d7a7a31235e02b464d1d5c290ff394386a1a4
SHA256

ee3473538e74bab5389a62ebc5e9298d979834b3269523ffbfaa2d61ea013c76
SHA512

4a7f36e622c261f202b7b555760df91914ecfc85dddf226894500a6a84808f8690b1723a47032cc390a6417c8f3f9eabfa4edd296e48e7eb4cad0fe94158ae15
SSDEEP

24576:VkEBSta9v3iBGCuTkP7GWB+iBwHg5YdHhIHn9PmlE1s/UA8+B:DBStSvSBvuIP7PrBwA5SyHx22a9

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ee3473538e74bab5389a62ebc5e9298d979834b3269523ffbfaa2d61ea013c76
- Size
  
  1.2MB
- MD5
  
  7a248240fc925d971d9fbbfffacc6ea9
- SHA1
  
  0c3d7a7a31235e02b464d1d5c290ff394386a1a4
- SHA256
  
  ee3473538e74bab5389a62ebc5e9298d979834b3269523ffbfaa2d61ea013c76
- SHA512
  
  4a7f36e622c261f202b7b555760df91914ecfc85dddf226894500a6a84808f8690b1723a47032cc390a6417c8f3f9eabfa4edd296e48e7eb4cad0fe94158ae15
- SSDEEP
  
  24576:VkEBSta9v3iBGCuTkP7GWB+iBwHg5YdHhIHn9PmlE1s/UA8+B:DBStSvSBvuIP7PrBwA5SyHx22a9
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2