ed77a1b83134f0140c3647d70f4e19ed582003619076b6552efe15efb3054f90 | Triage

Sharing

General

Target

ed77a1b83134f0140c3647d70f4e19ed582003619076b6552efe15efb3054f90
Size

296KB
Sample

221123-pzyfqsfg2t
MD5

262310fd04bfde4d6128b2edb133c81e
SHA1

4ae33a960dd6bbf7bcc6bcdf28e14f796ab84724
SHA256

ed77a1b83134f0140c3647d70f4e19ed582003619076b6552efe15efb3054f90
SHA512

56eacf34d055359b78953817c7ac68cde23feba382f0a42c23ebc014ab08ca06b28bd475b70aac4535c8b2e1956bf7254fc2d00eccbba4ca3fa7647f5458fc67
SSDEEP

1536:dOYwgQPqi1rbJc4eu22BcxEdt+TI6yJ6sxUCV6soNz4cQIG:DYc4eu22COr+E6yJl+WLAzQIG

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ed77a1b83134f0140c3647d70f4e19ed582003619076b6552efe15efb3054f90
- Size
  
  296KB
- MD5
  
  262310fd04bfde4d6128b2edb133c81e
- SHA1
  
  4ae33a960dd6bbf7bcc6bcdf28e14f796ab84724
- SHA256
  
  ed77a1b83134f0140c3647d70f4e19ed582003619076b6552efe15efb3054f90
- SHA512
  
  56eacf34d055359b78953817c7ac68cde23feba382f0a42c23ebc014ab08ca06b28bd475b70aac4535c8b2e1956bf7254fc2d00eccbba4ca3fa7647f5458fc67
- SSDEEP
  
  1536:dOYwgQPqi1rbJc4eu22BcxEdt+TI6yJ6sxUCV6soNz4cQIG:DYc4eu22COr+E6yJl+WLAzQIG
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2