b89c38e66d548f6c999dd1ec96c61de7d6ceafb83b33c9a6de01b3ae42d4fe93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b89c38e66d548f6c999dd1ec96c61de7d6ceafb83b33c9a6de01b3ae42d4fe93
Size

104KB
Sample

221123-12pr6agf94
MD5

5189b4eebbd5c6af60c8887f42bfd860
SHA1

798845b1de432f226406027399316b85e4ae6742
SHA256

b89c38e66d548f6c999dd1ec96c61de7d6ceafb83b33c9a6de01b3ae42d4fe93
SHA512

3fe21f1ad14a48c3d014d5f5bcb000dcee2da44c6dd98a1d4eacfbb3b0103c2c6ea36df06de4d06b72e4adfa3fb56d7a00395c5ed3b9c5b3bdc4aa9a1d240639
SSDEEP

1536:l4lARZWBIgYISE+cURZdSecHek8cqvY9B/xKPkdWOfG2hYTKv1/qWfqFw:9Z1gEcUDdVAezFxeWOuEYTKBqWyF

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b89c38e66d548f6c999dd1ec96c61de7d6ceafb83b33c9a6de01b3ae42d4fe93
- Size
  
  104KB
- MD5
  
  5189b4eebbd5c6af60c8887f42bfd860
- SHA1
  
  798845b1de432f226406027399316b85e4ae6742
- SHA256
  
  b89c38e66d548f6c999dd1ec96c61de7d6ceafb83b33c9a6de01b3ae42d4fe93
- SHA512
  
  3fe21f1ad14a48c3d014d5f5bcb000dcee2da44c6dd98a1d4eacfbb3b0103c2c6ea36df06de4d06b72e4adfa3fb56d7a00395c5ed3b9c5b3bdc4aa9a1d240639
- SSDEEP
  
  1536:l4lARZWBIgYISE+cURZdSecHek8cqvY9B/xKPkdWOfG2hYTKv1/qWfqFw:9Z1gEcUDdVAezFxeWOuEYTKBqWyF
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2