2310b5bc110798eccc009a0bf3ca195c42ce365f194e82013abad9056da31099 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2310b5bc110798eccc009a0bf3ca195c42ce365f194e82013abad9056da31099
Size

73KB
Sample

221106-nh3hpabffr
MD5

0767d24b387dc0ae141d5cee6a89783d
SHA1

3999faf04e0f5417c61af21bc07acf801ab59a7f
SHA256

2310b5bc110798eccc009a0bf3ca195c42ce365f194e82013abad9056da31099
SHA512

ac6dc37176e536c8c74acdfb3caf295ac4159ca6e3f969918c51e6c73cd9e9120c877470710f88d8684536689c82490bede2ea6f7257f848752b43b75602b1e4
SSDEEP

1536:av4O6LZXNtjeX3Eze7s/VcTTCOc8WNd6JQsnKIaFBYkX:nO6EE7cTTCOvg4ijTXY

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2310b5bc110798eccc009a0bf3ca195c42ce365f194e82013abad9056da31099
- Size
  
  73KB
- MD5
  
  0767d24b387dc0ae141d5cee6a89783d
- SHA1
  
  3999faf04e0f5417c61af21bc07acf801ab59a7f
- SHA256
  
  2310b5bc110798eccc009a0bf3ca195c42ce365f194e82013abad9056da31099
- SHA512
  
  ac6dc37176e536c8c74acdfb3caf295ac4159ca6e3f969918c51e6c73cd9e9120c877470710f88d8684536689c82490bede2ea6f7257f848752b43b75602b1e4
- SSDEEP
  
  1536:av4O6LZXNtjeX3Eze7s/VcTTCOc8WNd6JQsnKIaFBYkX:nO6EE7cTTCOvg4ijTXY
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2