a1a5acd9ee861d15ab4e6c75164bbc51fdfa09f316dbb9f984449015818e0f40 | Triage

Sharing

General

Target

a1a5acd9ee861d15ab4e6c75164bbc51fdfa09f316dbb9f984449015818e0f40
Size

60KB
Sample

221106-jsqjnaagd7
MD5

3b01c2c7838ac8d43afb09e04ed831ba
SHA1

ceea24dcda371e283c293edb2cd6f3cfd8f4f7b4
SHA256

a1a5acd9ee861d15ab4e6c75164bbc51fdfa09f316dbb9f984449015818e0f40
SHA512

2b8bb8481ee25c2cb8faf61a290c8969cb2cc448a4222a93743fbaa9e47b1823096d99a7c73e7c1df89cf7a9563d1212cfc3f8709f851599bcf6eb2f91e9ffd6
SSDEEP

1536:RNEIwgBc2fVZgRAi7SDg7PiIyPHlfdsK:twgS29ZkAkSjIMHlfdX

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a1a5acd9ee861d15ab4e6c75164bbc51fdfa09f316dbb9f984449015818e0f40
- Size
  
  60KB
- MD5
  
  3b01c2c7838ac8d43afb09e04ed831ba
- SHA1
  
  ceea24dcda371e283c293edb2cd6f3cfd8f4f7b4
- SHA256
  
  a1a5acd9ee861d15ab4e6c75164bbc51fdfa09f316dbb9f984449015818e0f40
- SHA512
  
  2b8bb8481ee25c2cb8faf61a290c8969cb2cc448a4222a93743fbaa9e47b1823096d99a7c73e7c1df89cf7a9563d1212cfc3f8709f851599bcf6eb2f91e9ffd6
- SSDEEP
  
  1536:RNEIwgBc2fVZgRAi7SDg7PiIyPHlfdsK:twgS29ZkAkSjIMHlfdX
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2