c54917d0c61bbbf56fb53a698f45f13f8884f9391b357030a86775e49455385c | Triage

Sharing

General

Target

c54917d0c61bbbf56fb53a698f45f13f8884f9391b357030a86775e49455385c
Size

288KB
Sample

221030-f25hdseger
MD5

839b92b07934e02f8ffdc41aad980a79
SHA1

a252419e6e78fa327e7dcae19dc7a75b094357d0
SHA256

c54917d0c61bbbf56fb53a698f45f13f8884f9391b357030a86775e49455385c
SHA512

976984fa798f4ac5cd41d197cc8ffd82f9c2105cb9abeda88ccb1474227d800f0fb1d11893d82e7c729cadb9175318c3df3c1dc301dc606bee0533ad9a8eecf6
SSDEEP

3072:JvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6ungPKvLP:JvEN2U+T6i5LirrllHy4HUcMQY6lKLP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c54917d0c61bbbf56fb53a698f45f13f8884f9391b357030a86775e49455385c
- Size
  
  288KB
- MD5
  
  839b92b07934e02f8ffdc41aad980a79
- SHA1
  
  a252419e6e78fa327e7dcae19dc7a75b094357d0
- SHA256
  
  c54917d0c61bbbf56fb53a698f45f13f8884f9391b357030a86775e49455385c
- SHA512
  
  976984fa798f4ac5cd41d197cc8ffd82f9c2105cb9abeda88ccb1474227d800f0fb1d11893d82e7c729cadb9175318c3df3c1dc301dc606bee0533ad9a8eecf6
- SSDEEP
  
  3072:JvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6ungPKvLP:JvEN2U+T6i5LirrllHy4HUcMQY6lKLP
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence