b5707bb946b4659fad2b8a985e8288b528c5e5bff871ace11ef952d4187b9a02 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5707bb946b4659fad2b8a985e8288b528c5e5bff871ace11ef952d4187b9a02
Size

96KB
Sample

221106-jh3q8scgcl
MD5

28fcfc1c271a3a2b843a7d9b9f8445a0
SHA1

4070e1fc12d0d2d798543346b84a9a3219d53ebb
SHA256

b5707bb946b4659fad2b8a985e8288b528c5e5bff871ace11ef952d4187b9a02
SHA512

6512311c24adb3b5473c03fafdd556dc2061c58f1c2704a4615b8555920030623c9eae9f57000e1f0208ce537321ff787f4d001c3749f0816cd6b2cfb2d9a706
SSDEEP

1536:oobIWMfgSTmT8YrbNkqlrRizDfyJlwQDnTHA7oDfPHlfdsmmz:/IhDurbN/vYDkGQDDPD3Hlfdjm

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b5707bb946b4659fad2b8a985e8288b528c5e5bff871ace11ef952d4187b9a02
- Size
  
  96KB
- MD5
  
  28fcfc1c271a3a2b843a7d9b9f8445a0
- SHA1
  
  4070e1fc12d0d2d798543346b84a9a3219d53ebb
- SHA256
  
  b5707bb946b4659fad2b8a985e8288b528c5e5bff871ace11ef952d4187b9a02
- SHA512
  
  6512311c24adb3b5473c03fafdd556dc2061c58f1c2704a4615b8555920030623c9eae9f57000e1f0208ce537321ff787f4d001c3749f0816cd6b2cfb2d9a706
- SSDEEP
  
  1536:oobIWMfgSTmT8YrbNkqlrRizDfyJlwQDnTHA7oDfPHlfdsmmz:/IhDurbN/vYDkGQDDPD3Hlfdjm
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2