b095b45efce9e6ac37c9081b9d4ac79f076b43c3d44eddc8f9ab6281b4a40689 | Triage

Sharing

General

Target

b095b45efce9e6ac37c9081b9d4ac79f076b43c3d44eddc8f9ab6281b4a40689
Size

122KB
Sample

221107-f49vwscggk
MD5

052987e8936df481fcfc85ddf9e6fee6
SHA1

4fb863617d76cbe1572df02c6e0c951b3ea9d731
SHA256

b095b45efce9e6ac37c9081b9d4ac79f076b43c3d44eddc8f9ab6281b4a40689
SHA512

27e6a53a9d678e50d1c982f6376b824445064cb80c0ad8d3ea7e7f1751e6e9def9823ca8bafe509bc322fb0ed8ebf125479b624a3ceecb377dee88ab6cfd5eef
SSDEEP

1536:nFyzF9MFVCujlsQoeQZZ86ukpj0nGGF9v+4DR5X:FyzQVCujl71QZZ4kp4F9Xtx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b095b45efce9e6ac37c9081b9d4ac79f076b43c3d44eddc8f9ab6281b4a40689
- Size
  
  122KB
- MD5
  
  052987e8936df481fcfc85ddf9e6fee6
- SHA1
  
  4fb863617d76cbe1572df02c6e0c951b3ea9d731
- SHA256
  
  b095b45efce9e6ac37c9081b9d4ac79f076b43c3d44eddc8f9ab6281b4a40689
- SHA512
  
  27e6a53a9d678e50d1c982f6376b824445064cb80c0ad8d3ea7e7f1751e6e9def9823ca8bafe509bc322fb0ed8ebf125479b624a3ceecb377dee88ab6cfd5eef
- SSDEEP
  
  1536:nFyzF9MFVCujlsQoeQZZ86ukpj0nGGF9v+4DR5X:FyzQVCujl71QZZ4kp4F9Xtx
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence