Overview

overview

10

Static

static

16e23a73c5...75.exe

windows7-x64

10

16e23a73c5...75.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16e23a73c5c7bc6672903c54c5bf75046082338ff8aed03668dee3beefe46175

  • Size

    115KB

  • Sample

    221123-lttzksff9z

  • MD5

    d14ba65338b03255b0caf3b40b6bd76b

  • SHA1

    16a261aa344eb9a23ce1090cc024f3f769de7c55

  • SHA256

    16e23a73c5c7bc6672903c54c5bf75046082338ff8aed03668dee3beefe46175

  • SHA512

    872882b6905b2c716faf0e34ae6da0425f9a48bc7a899e62bcf4d66930a13103bf77eba951ee8f930946b60868062f121d81f5d5c10aef484b8f80d8a49b2f87

  • SSDEEP

    1536:eAB6uwU1FiJWT3GmA8oidfSz5TVgdjOb2RADCGAi8AijAi:eAQ/UTyGS8oeYvgdjWrlP8PjP

Score
10/10
persistence

Malware Config

Targets

    • Target

      16e23a73c5c7bc6672903c54c5bf75046082338ff8aed03668dee3beefe46175

    • Size

      115KB

    • MD5

      d14ba65338b03255b0caf3b40b6bd76b

    • SHA1

      16a261aa344eb9a23ce1090cc024f3f769de7c55

    • SHA256

      16e23a73c5c7bc6672903c54c5bf75046082338ff8aed03668dee3beefe46175

    • SHA512

      872882b6905b2c716faf0e34ae6da0425f9a48bc7a899e62bcf4d66930a13103bf77eba951ee8f930946b60868062f121d81f5d5c10aef484b8f80d8a49b2f87

    • SSDEEP

      1536:eAB6uwU1FiJWT3GmA8oidfSz5TVgdjOb2RADCGAi8AijAi:eAQ/UTyGS8oeYvgdjWrlP8PjP

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks