a7a06ce48fc26dfc683e7fb854c7c5b23ace21f309e0128bdef11b81d02e844f | Triage

Sharing

General

Target

a7a06ce48fc26dfc683e7fb854c7c5b23ace21f309e0128bdef11b81d02e844f
Size

64KB
Sample

221123-nb43yabe7w
MD5

f5c296573af50b1254d43471ef217625
SHA1

17338c27671d5c3d0ba3eab34c85a2b468b0c311
SHA256

a7a06ce48fc26dfc683e7fb854c7c5b23ace21f309e0128bdef11b81d02e844f
SHA512

0a5ad73c6bc08479ec5a3ce391129bd92f1f5dd1290f51e6bc9bc5dc840834197ec263df232e83612154ba7ce225cbc83983e422cd8f7ea3476cb89d99276a37
SSDEEP

1536:OWgs3dEPtlffaNDa90bu0w7EhTsD6UHGE6g/2:O5EEllXalaMu04EK6M2

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a7a06ce48fc26dfc683e7fb854c7c5b23ace21f309e0128bdef11b81d02e844f
- Size
  
  64KB
- MD5
  
  f5c296573af50b1254d43471ef217625
- SHA1
  
  17338c27671d5c3d0ba3eab34c85a2b468b0c311
- SHA256
  
  a7a06ce48fc26dfc683e7fb854c7c5b23ace21f309e0128bdef11b81d02e844f
- SHA512
  
  0a5ad73c6bc08479ec5a3ce391129bd92f1f5dd1290f51e6bc9bc5dc840834197ec263df232e83612154ba7ce225cbc83983e422cd8f7ea3476cb89d99276a37
- SSDEEP
  
  1536:OWgs3dEPtlffaNDa90bu0w7EhTsD6UHGE6g/2:O5EEllXalaMu04EK6M2
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2