a331a7a0790ee8d2b1cb1f7f84decb477cb109f061d674f1288b6c68ecee9954 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a331a7a0790ee8d2b1cb1f7f84decb477cb109f061d674f1288b6c68ecee9954
Size

71KB
Sample

221106-s1z8habfdk
MD5

0dec1f02a34134b054d2b8467478bcd6
SHA1

4c877120d6697edf429370570bc20b51fc411900
SHA256

a331a7a0790ee8d2b1cb1f7f84decb477cb109f061d674f1288b6c68ecee9954
SHA512

079ea17604ce820165a2ecbd4684c2823d5158c3e82cd00d4a9f684e86630a3e8bb72dc25fde0ec6efddb2e49478b59e0cf91002d1c1cfdb8e56b3657ce30fee
SSDEEP

768:ldziz355/dlrFpq6pnuER2wrmhDrMjBJMm/uVf1zBmQzTGfmgyqAE:ldzizv/pQGucHr1jBJRWVf1zwQVgvAE

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a331a7a0790ee8d2b1cb1f7f84decb477cb109f061d674f1288b6c68ecee9954
- Size
  
  71KB
- MD5
  
  0dec1f02a34134b054d2b8467478bcd6
- SHA1
  
  4c877120d6697edf429370570bc20b51fc411900
- SHA256
  
  a331a7a0790ee8d2b1cb1f7f84decb477cb109f061d674f1288b6c68ecee9954
- SHA512
  
  079ea17604ce820165a2ecbd4684c2823d5158c3e82cd00d4a9f684e86630a3e8bb72dc25fde0ec6efddb2e49478b59e0cf91002d1c1cfdb8e56b3657ce30fee
- SSDEEP
  
  768:ldziz355/dlrFpq6pnuER2wrmhDrMjBJMm/uVf1zBmQzTGfmgyqAE:ldzizv/pQGucHr1jBJRWVf1zwQVgvAE
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2