501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c | Triage

Sharing

General

Target

501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c
Size

4.2MB
Sample

221123-lwmy2sfh2v
MD5

07f8195a0f98d7d734bf21cb2b46e0ab
SHA1

cb589f3e827e5a56c689165948fa7b2d70658e6c
SHA256

501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c
SHA512

40c8523596e461427e4f3e070ad6c31e9634995b5a6761446b1af448b30cf0d1787538f97bcaea480a54475cc06aa8aaf3aa8c749bbb3887cf40038a6fe5ecfc
SSDEEP

98304:ECjPKNA1vv3LuCZFJwHOVjGE2nzaTZwOw5qBs9J9:ECbGAdPLuCHu0GEOzUKOns9T

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c
- Size
  
  4.2MB
- MD5
  
  07f8195a0f98d7d734bf21cb2b46e0ab
- SHA1
  
  cb589f3e827e5a56c689165948fa7b2d70658e6c
- SHA256
  
  501140cf4e9b12b9c222ecfc46a94a0c9cf0d88392ece4e7518bf6bbc1ca129c
- SHA512
  
  40c8523596e461427e4f3e070ad6c31e9634995b5a6761446b1af448b30cf0d1787538f97bcaea480a54475cc06aa8aaf3aa8c749bbb3887cf40038a6fe5ecfc
- SSDEEP
  
  98304:ECjPKNA1vv3LuCZFJwHOVjGE2nzaTZwOw5qBs9J9:ECbGAdPLuCHu0GEOzUKOns9T
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2