Overview

overview

10

Static

static

5

501140cf4e...9c.exe

windows7-x64

10

501140cf4e...9c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c

  • Size

    4.2MB

  • Sample

    221123-lwmy2sfh2v

  • MD5

    07f8195a0f98d7d734bf21cb2b46e0ab

  • SHA1

    cb589f3e827e5a56c689165948fa7b2d70658e6c

  • SHA256

    501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c

  • SHA512

    40c8523596e461427e4f3e070ad6c31e9634995b5a6761446b1af448b30cf0d1787538f97bcaea480a54475cc06aa8aaf3aa8c749bbb3887cf40038a6fe5ecfc

  • SSDEEP

    98304:ECjPKNA1vv3LuCZFJwHOVjGE2nzaTZwOw5qBs9J9:ECbGAdPLuCHu0GEOzUKOns9T

Score
10/10
persistence

Malware Config

Targets

    • Target

      501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c

    • Size

      4.2MB

    • MD5

      07f8195a0f98d7d734bf21cb2b46e0ab

    • SHA1

      cb589f3e827e5a56c689165948fa7b2d70658e6c

    • SHA256

      501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c

    • SHA512

      40c8523596e461427e4f3e070ad6c31e9634995b5a6761446b1af448b30cf0d1787538f97bcaea480a54475cc06aa8aaf3aa8c749bbb3887cf40038a6fe5ecfc

    • SSDEEP

      98304:ECjPKNA1vv3LuCZFJwHOVjGE2nzaTZwOw5qBs9J9:ECbGAdPLuCHu0GEOzUKOns9T

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks