0da5654a008fb45bdf0aa4937e510bf2c73c9b4305b635e5ddc2694647e8a926 | Triage

Sharing

General

Target

0da5654a008fb45bdf0aa4937e510bf2c73c9b4305b635e5ddc2694647e8a926
Size

127KB
Sample

221123-lvrwlsfg4y
MD5

360c9a75c63394069851498d889fb949
SHA1

65fbf1d955899507cb4ff58f0a6baee3cbc6a0dd
SHA256

0da5654a008fb45bdf0aa4937e510bf2c73c9b4305b635e5ddc2694647e8a926
SHA512

e81e186f34000b18c5f6ed3242819fa82b80324d9df3efedef199e98c722c35f2fe6238afb6176cd807dd96b3fcfc9ced749da7a7759f88a31e4ab55a48a0787
SSDEEP

3072:wwYMIuDxqGnh5WaadSiCi7JHGcaFKAS00UVd:wSIuDxtnh5LadqS00Ur

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0da5654a008fb45bdf0aa4937e510bf2c73c9b4305b635e5ddc2694647e8a926
- Size
  
  127KB
- MD5
  
  360c9a75c63394069851498d889fb949
- SHA1
  
  65fbf1d955899507cb4ff58f0a6baee3cbc6a0dd
- SHA256
  
  0da5654a008fb45bdf0aa4937e510bf2c73c9b4305b635e5ddc2694647e8a926
- SHA512
  
  e81e186f34000b18c5f6ed3242819fa82b80324d9df3efedef199e98c722c35f2fe6238afb6176cd807dd96b3fcfc9ced749da7a7759f88a31e4ab55a48a0787
- SSDEEP
  
  3072:wwYMIuDxqGnh5WaadSiCi7JHGcaFKAS00UVd:wSIuDxtnh5LadqS00Ur
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2