Overview

overview

10

Static

static

6dc093d21b...4a.exe

windows7-x64

10

6dc093d21b...4a.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6dc093d21bd95e0881c07eb55ac89fbc9fe3c22b90943ceb38956834e08fde4a

  • Size

    83KB

  • Sample

    221123-m85v3agb56

  • MD5

    cdd36c533459172fc96767321528a0e2

  • SHA1

    dd55e6f267f6589fa0da782f213275158e2c905c

  • SHA256

    6dc093d21bd95e0881c07eb55ac89fbc9fe3c22b90943ceb38956834e08fde4a

  • SHA512

    446fafa5ca48135ad5e5f9ea9aca28f08739d4e58369cb388caa4a5e769951b747d625096a7328342c90eb75192b3ef223e91f14998cef0b6507f5e7b7e8b218

  • SSDEEP

    1536:HhcwHvWy6ZTy/2JR/HI/yXqUQ688oaVRTWTromVjUafLi6M94:yQWyB2nA/yxQGVRaT0oLi6M94

Score
10/10
persistence

Malware Config

Targets

    • Target

      6dc093d21bd95e0881c07eb55ac89fbc9fe3c22b90943ceb38956834e08fde4a

    • Size

      83KB

    • MD5

      cdd36c533459172fc96767321528a0e2

    • SHA1

      dd55e6f267f6589fa0da782f213275158e2c905c

    • SHA256

      6dc093d21bd95e0881c07eb55ac89fbc9fe3c22b90943ceb38956834e08fde4a

    • SHA512

      446fafa5ca48135ad5e5f9ea9aca28f08739d4e58369cb388caa4a5e769951b747d625096a7328342c90eb75192b3ef223e91f14998cef0b6507f5e7b7e8b218

    • SSDEEP

      1536:HhcwHvWy6ZTy/2JR/HI/yXqUQ688oaVRTWTromVjUafLi6M94:yQWyB2nA/yxQGVRaT0oLi6M94

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks