85734e953d02cb76263921b2a30e5e3ebef1bfb1758809d8a9b7d640c804c4ae | Triage

Sharing

General

Target

85734e953d02cb76263921b2a30e5e3ebef1bfb1758809d8a9b7d640c804c4ae
Size

169KB
Sample

221123-lvsg5scd27
MD5

7bce2359aa3d49cc521ede62553bc21f
SHA1

ce02e7d071964f24f00f17877cf340aaf7deca4a
SHA256

85734e953d02cb76263921b2a30e5e3ebef1bfb1758809d8a9b7d640c804c4ae
SHA512

cde5f91c68f289aebf91f2bdeafaa11036dbbc4a01236c082903468887243a38a16e85bf805a81f630cf8faca37a9e31b64ea1155366bc17958a2cf1952d92de
SSDEEP

3072:SLpxTJJWCXx7vCg/s74+vOt0+6KMBKy6DJclb4+wFRR:St9RdvCg0vsF44+a

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  85734e953d02cb76263921b2a30e5e3ebef1bfb1758809d8a9b7d640c804c4ae
- Size
  
  169KB
- MD5
  
  7bce2359aa3d49cc521ede62553bc21f
- SHA1
  
  ce02e7d071964f24f00f17877cf340aaf7deca4a
- SHA256
  
  85734e953d02cb76263921b2a30e5e3ebef1bfb1758809d8a9b7d640c804c4ae
- SHA512
  
  cde5f91c68f289aebf91f2bdeafaa11036dbbc4a01236c082903468887243a38a16e85bf805a81f630cf8faca37a9e31b64ea1155366bc17958a2cf1952d92de
- SSDEEP
  
  3072:SLpxTJJWCXx7vCg/s74+vOt0+6KMBKy6DJclb4+wFRR:St9RdvCg0vsF44+a
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2