5cf19cf8456dc5e9ef5824414146d3b93fdbfb0f1a39564f655387692012408a | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.kpvf-5cf19cf8456dc5e9ef5824414146d3b93fdbfb0f1a39564f655387692012408a
Size

200KB
Sample

221107-lsgymacgfn
MD5

46ab43322c0cbd4991c44178ce4dc1be
SHA1

5890bb3a3964c0ca78fb52dc7b79e2d587b03dec
SHA256

5cf19cf8456dc5e9ef5824414146d3b93fdbfb0f1a39564f655387692012408a
SHA512

c569dc67ce320a7669f23172de5c2a92224ed11379fc59778d55fe14c36f03db557a954061cc8b68c8ff64d0cfe23211e3d6ef6f21060e2aa29ea7cec748e341
SSDEEP

1536:KUFQfEcm/El8Vq1wLf/fyud+Li3f1zwQVgvm:Kkp8aqMnfymIiv1zwLvm

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.kpvf-5cf19cf8456dc5e9ef5824414146d3b93fdbfb0f1a39564f655387692012408a
- Size
  
  200KB
- MD5
  
  46ab43322c0cbd4991c44178ce4dc1be
- SHA1
  
  5890bb3a3964c0ca78fb52dc7b79e2d587b03dec
- SHA256
  
  5cf19cf8456dc5e9ef5824414146d3b93fdbfb0f1a39564f655387692012408a
- SHA512
  
  c569dc67ce320a7669f23172de5c2a92224ed11379fc59778d55fe14c36f03db557a954061cc8b68c8ff64d0cfe23211e3d6ef6f21060e2aa29ea7cec748e341
- SSDEEP
  
  1536:KUFQfEcm/El8Vq1wLf/fyud+Li3f1zwQVgvm:Kkp8aqMnfymIiv1zwLvm
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2