c1557b9b44f6ffc93612b287bbd5b16ebbefe41bfdf98a440fec4505956d4d0e | Triage

Sharing

General

Target

c1557b9b44f6ffc93612b287bbd5b16ebbefe41bfdf98a440fec4505956d4d0e
Size

75KB
Sample

221021-eqd1mabcgj
MD5

7ab1afb389bc52cc511e956becd18f80
SHA1

e734e42dee57805f45704b83f264ee03ebb977bc
SHA256

c1557b9b44f6ffc93612b287bbd5b16ebbefe41bfdf98a440fec4505956d4d0e
SHA512

a4c0af042647e278a51a937869d3c3c61ad081c2cb57b02f959cdc62375350d5696cad33f45be5ff9fbcf67ece8e457d293a88bea17a0056b8b503592b618d54
SSDEEP

1536:aaIoMKhdLjEPUZ4NYjHYq/SAwwgIBIw+7J:3IopQPyHbz/SAhrIw+l

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  c1557b9b44f6ffc93612b287bbd5b16ebbefe41bfdf98a440fec4505956d4d0e
- Size
  
  75KB
- MD5
  
  7ab1afb389bc52cc511e956becd18f80
- SHA1
  
  e734e42dee57805f45704b83f264ee03ebb977bc
- SHA256
  
  c1557b9b44f6ffc93612b287bbd5b16ebbefe41bfdf98a440fec4505956d4d0e
- SHA512
  
  a4c0af042647e278a51a937869d3c3c61ad081c2cb57b02f959cdc62375350d5696cad33f45be5ff9fbcf67ece8e457d293a88bea17a0056b8b503592b618d54
- SSDEEP
  
  1536:aaIoMKhdLjEPUZ4NYjHYq/SAwwgIBIw+7J:3IopQPyHbz/SAhrIw+l
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2