e0096121cda198b566e6ec11626f54555342f108c6cea7e3eb91d8b2d4d2b05c | Triage

Sharing

General

Target

e0096121cda198b566e6ec11626f54555342f108c6cea7e3eb91d8b2d4d2b05c
Size

136KB
Sample

221123-p437sada39
MD5

c93c71ff9e57756457b3a03585a48a87
SHA1

248e48483789c98e58f312d9a55ad8fa6d11df11
SHA256

e0096121cda198b566e6ec11626f54555342f108c6cea7e3eb91d8b2d4d2b05c
SHA512

a9d18c70cfe93eda7b45e341f153da03b7183802381fc6ebe00eb3620d28af0a5fd3e2f5b6ac2604cff8f93372508c8977bae59b9c1da731039a177508ab57c6
SSDEEP

3072:N58GVH5tEhRBr2HOaigW1957nFqihYqyrt12:N86w57nlmK

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  e0096121cda198b566e6ec11626f54555342f108c6cea7e3eb91d8b2d4d2b05c
- Size
  
  136KB
- MD5
  
  c93c71ff9e57756457b3a03585a48a87
- SHA1
  
  248e48483789c98e58f312d9a55ad8fa6d11df11
- SHA256
  
  e0096121cda198b566e6ec11626f54555342f108c6cea7e3eb91d8b2d4d2b05c
- SHA512
  
  a9d18c70cfe93eda7b45e341f153da03b7183802381fc6ebe00eb3620d28af0a5fd3e2f5b6ac2604cff8f93372508c8977bae59b9c1da731039a177508ab57c6
- SSDEEP
  
  3072:N58GVH5tEhRBr2HOaigW1957nFqihYqyrt12:N86w57nlmK
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2