346e785c36f7d594e6217cbd5bcb6a72b0191eaf387e946eed81b98329d867af | Triage

Sharing

General

Target

346e785c36f7d594e6217cbd5bcb6a72b0191eaf387e946eed81b98329d867af
Size

184KB
Sample

221029-xleqgabedk
MD5

a38c51df82cd58d3ce64f37cd7b18f2f
SHA1

7a20bd43bff1e282125ed593bbf631f7349cd5ff
SHA256

346e785c36f7d594e6217cbd5bcb6a72b0191eaf387e946eed81b98329d867af
SHA512

dad40012391cb0807b6b342d8c318016fa3d7e3f2fe3e160fdce933132ea1e9f67d6b51ef79f4ab89e36c0ec423d33c09f82b02f4acf65d75497f898f21d3db6
SSDEEP

3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1aHz4:7WkWXV9wUezUroW+tCmCCfNG+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  346e785c36f7d594e6217cbd5bcb6a72b0191eaf387e946eed81b98329d867af
- Size
  
  184KB
- MD5
  
  a38c51df82cd58d3ce64f37cd7b18f2f
- SHA1
  
  7a20bd43bff1e282125ed593bbf631f7349cd5ff
- SHA256
  
  346e785c36f7d594e6217cbd5bcb6a72b0191eaf387e946eed81b98329d867af
- SHA512
  
  dad40012391cb0807b6b342d8c318016fa3d7e3f2fe3e160fdce933132ea1e9f67d6b51ef79f4ab89e36c0ec423d33c09f82b02f4acf65d75497f898f21d3db6
- SSDEEP
  
  3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1aHz4:7WkWXV9wUezUroW+tCmCCfNG+
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence