eb6480db499fc5d4b5385e41887c8e72173974d5ecfdd60bfebeeda1d9cdb234 | Triage

Sharing

General

Target

eb6480db499fc5d4b5385e41887c8e72173974d5ecfdd60bfebeeda1d9cdb234
Size

58KB
Sample

221029-1nz1zahccl
MD5

543488b1a5d87f677c93621a6b6dedf0
SHA1

5355f80a9624cefecc7c171ffef090ed91644b5c
SHA256

eb6480db499fc5d4b5385e41887c8e72173974d5ecfdd60bfebeeda1d9cdb234
SHA512

3cddc0679dc930b55b2763fa3469184c8d3fbdf3018c0d3c634b340980bb15c2855b06235a24d221347f52fffb09055450e31f0b74a3138e479a67b7095b2f61
SSDEEP

1536:CKSZDBX55sFS6Qbfx4N8YRWG44gB3PHlfdsm:FSFp5nf07TgBfHlfdj

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  eb6480db499fc5d4b5385e41887c8e72173974d5ecfdd60bfebeeda1d9cdb234
- Size
  
  58KB
- MD5
  
  543488b1a5d87f677c93621a6b6dedf0
- SHA1
  
  5355f80a9624cefecc7c171ffef090ed91644b5c
- SHA256
  
  eb6480db499fc5d4b5385e41887c8e72173974d5ecfdd60bfebeeda1d9cdb234
- SHA512
  
  3cddc0679dc930b55b2763fa3469184c8d3fbdf3018c0d3c634b340980bb15c2855b06235a24d221347f52fffb09055450e31f0b74a3138e479a67b7095b2f61
- SSDEEP
  
  1536:CKSZDBX55sFS6Qbfx4N8YRWG44gB3PHlfdsm:FSFp5nf07TgBfHlfdj
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2