a20e60b05424997891bc48377669dbdbcfd4c789f0fbf9f6bd1d8d1333301e2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a20e60b05424997891bc48377669dbdbcfd4c789f0fbf9f6bd1d8d1333301e2e
Size

104KB
Sample

221107-nf245sffgp
MD5

0ca5cbd264cb644c3c240702054d7417
SHA1

9feb518dd32920242d42caadfba8d6a1b3db8e39
SHA256

a20e60b05424997891bc48377669dbdbcfd4c789f0fbf9f6bd1d8d1333301e2e
SHA512

6a4ff782e2e537dd9c8abc87514008659afb4f0bf96269f611524478db18e36c97d33f1d2d9232db528acf1678fc54d73070292cd003f1dc6bcf7591f2f187e5
SSDEEP

1536:RXiwshheUeactU+cWMvmdPQsjVxoNnX+qhxB6UTeT1QzKwa+KKzBvcy6R:wwP1d/cW7jVmV+qx6USJQ9dvc1

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a20e60b05424997891bc48377669dbdbcfd4c789f0fbf9f6bd1d8d1333301e2e
- Size
  
  104KB
- MD5
  
  0ca5cbd264cb644c3c240702054d7417
- SHA1
  
  9feb518dd32920242d42caadfba8d6a1b3db8e39
- SHA256
  
  a20e60b05424997891bc48377669dbdbcfd4c789f0fbf9f6bd1d8d1333301e2e
- SHA512
  
  6a4ff782e2e537dd9c8abc87514008659afb4f0bf96269f611524478db18e36c97d33f1d2d9232db528acf1678fc54d73070292cd003f1dc6bcf7591f2f187e5
- SSDEEP
  
  1536:RXiwshheUeactU+cWMvmdPQsjVxoNnX+qhxB6UTeT1QzKwa+KKzBvcy6R:wwP1d/cW7jVmV+qx6USJQ9dvc1
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2