6db46e736b000f547447721365e8a13c7e2be40d386ed0878b029009af8d283d | Triage

Sharing

General

Target

6db46e736b000f547447721365e8a13c7e2be40d386ed0878b029009af8d283d
Size

184KB
Sample

221030-ghctpseea3
MD5

a332afa1a78f8491de279073efd78120
SHA1

182619372bac43c804977b505b347782943eb449
SHA256

6db46e736b000f547447721365e8a13c7e2be40d386ed0878b029009af8d283d
SHA512

e35f8ca6378e6fb3f1dd824c1b75b8e4ba5aca9ac36596745930104a41fa5188452039513deab4022710b6c158246bd929cbbe9d1ff1f70dba0e8a13d051448c
SSDEEP

3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1I/:GWkWXV9wUezUroW+tCmCCfNGh/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6db46e736b000f547447721365e8a13c7e2be40d386ed0878b029009af8d283d
- Size
  
  184KB
- MD5
  
  a332afa1a78f8491de279073efd78120
- SHA1
  
  182619372bac43c804977b505b347782943eb449
- SHA256
  
  6db46e736b000f547447721365e8a13c7e2be40d386ed0878b029009af8d283d
- SHA512
  
  e35f8ca6378e6fb3f1dd824c1b75b8e4ba5aca9ac36596745930104a41fa5188452039513deab4022710b6c158246bd929cbbe9d1ff1f70dba0e8a13d051448c
- SSDEEP
  
  3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1I/:GWkWXV9wUezUroW+tCmCCfNGh/
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence