b41564a5da158ca4a4a692e618617e236f9a622744bbbb263725732ed620f0e2 | Triage

Sharing

General

Target

b41564a5da158ca4a4a692e618617e236f9a622744bbbb263725732ed620f0e2
Size

100KB
Sample

221123-3xf1kagg4s
MD5

466b8767482c92dbd55789a6541083c0
SHA1

55f63f9f29028ed97fc5a92398f5b57cc2df3b92
SHA256

b41564a5da158ca4a4a692e618617e236f9a622744bbbb263725732ed620f0e2
SHA512

1d3d07298523b41d912b5a3fb9ce7965887d4bded74af79491515230f6416800eecad92a176f810f4b070a97aa804d70cd4696e7be874a232cae7e20ec52cf74
SSDEEP

1536:84Jf83W8W60IL26AppJSmc0z11Mc2//qCCguJgGXTA9:NJCD54pJSn44c2qCJuJggA9

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b41564a5da158ca4a4a692e618617e236f9a622744bbbb263725732ed620f0e2
- Size
  
  100KB
- MD5
  
  466b8767482c92dbd55789a6541083c0
- SHA1
  
  55f63f9f29028ed97fc5a92398f5b57cc2df3b92
- SHA256
  
  b41564a5da158ca4a4a692e618617e236f9a622744bbbb263725732ed620f0e2
- SHA512
  
  1d3d07298523b41d912b5a3fb9ce7965887d4bded74af79491515230f6416800eecad92a176f810f4b070a97aa804d70cd4696e7be874a232cae7e20ec52cf74
- SSDEEP
  
  1536:84Jf83W8W60IL26AppJSmc0z11Mc2//qCCguJgGXTA9:NJCD54pJSn44c2qCJuJggA9
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2