827ae5a3d83b59edb5bf82da456eb17ae2f2e8f3a56a9b64b32f10d630408acf | Triage

Sharing

General

Target

827ae5a3d83b59edb5bf82da456eb17ae2f2e8f3a56a9b64b32f10d630408acf
Size

57KB
Sample

221107-n7wfnshbdj
MD5

0c8fe92ae600f0f2c00fff0d5000baf0
SHA1

7430e391ddaa148e98105baabb3d8374f0cb6709
SHA256

827ae5a3d83b59edb5bf82da456eb17ae2f2e8f3a56a9b64b32f10d630408acf
SHA512

6e8f2211a1bd187d4983b7e4c264b1ba58f5664c24aa876535a3ad8061fa82116a24f1ecbd4d697b3812d33ca368a9569f4a9f1df4518862ad0145e4730637e4
SSDEEP

1536:ColLryjTkegAtH/wPYBjoE53mw7xFLgyn:D2U6wPUoMmSj

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  827ae5a3d83b59edb5bf82da456eb17ae2f2e8f3a56a9b64b32f10d630408acf
- Size
  
  57KB
- MD5
  
  0c8fe92ae600f0f2c00fff0d5000baf0
- SHA1
  
  7430e391ddaa148e98105baabb3d8374f0cb6709
- SHA256
  
  827ae5a3d83b59edb5bf82da456eb17ae2f2e8f3a56a9b64b32f10d630408acf
- SHA512
  
  6e8f2211a1bd187d4983b7e4c264b1ba58f5664c24aa876535a3ad8061fa82116a24f1ecbd4d697b3812d33ca368a9569f4a9f1df4518862ad0145e4730637e4
- SSDEEP
  
  1536:ColLryjTkegAtH/wPYBjoE53mw7xFLgyn:D2U6wPUoMmSj
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2