49902918015bd525f8bf60c7683a85675bfed881d13f270ce3dfb85e6f1fa502 | Triage

Sharing

General

Target

49902918015bd525f8bf60c7683a85675bfed881d13f270ce3dfb85e6f1fa502
Size

115KB
Sample

221123-lttc2scc67
MD5

c392f9fdb14d2efe5a3b2d3f3bd6c4c9
SHA1

c96082db67b5d46ea3b0908ba24b3a5e8eeef019
SHA256

49902918015bd525f8bf60c7683a85675bfed881d13f270ce3dfb85e6f1fa502
SHA512

eda2f88a7a53dd877a342898b4638b578a8b014210a88c7fc91e3fd0525ce2aa0d2485e5f7a33191d3fde63c164dc2ed089a8c4c590d5f4f375d17d4e46ba1dc
SSDEEP

1536:iAB6uwU1FiJWT3GmF8oiEvyWQzUF+jhTr8cK1X9atHRGhYh/h:iAQ/UTyGX8oZM8+jhTr8BX2RG2h

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  49902918015bd525f8bf60c7683a85675bfed881d13f270ce3dfb85e6f1fa502
- Size
  
  115KB
- MD5
  
  c392f9fdb14d2efe5a3b2d3f3bd6c4c9
- SHA1
  
  c96082db67b5d46ea3b0908ba24b3a5e8eeef019
- SHA256
  
  49902918015bd525f8bf60c7683a85675bfed881d13f270ce3dfb85e6f1fa502
- SHA512
  
  eda2f88a7a53dd877a342898b4638b578a8b014210a88c7fc91e3fd0525ce2aa0d2485e5f7a33191d3fde63c164dc2ed089a8c4c590d5f4f375d17d4e46ba1dc
- SSDEEP
  
  1536:iAB6uwU1FiJWT3GmF8oiEvyWQzUF+jhTr8cK1X9atHRGhYh/h:iAQ/UTyGX8oZM8+jhTr8BX2RG2h
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2