a6ae5732f76c1617346603ee00d04db16183318120e6ed2410efd4d36806995b | Triage

Sharing

General

Target

a6ae5732f76c1617346603ee00d04db16183318120e6ed2410efd4d36806995b
Size

105KB
Sample

221123-qqta4aef24
MD5

e181b0d9994f856d1baeb04db7474a4c
SHA1

afd4ded500179268141d2dffb51b26c8f02c9f9f
SHA256

a6ae5732f76c1617346603ee00d04db16183318120e6ed2410efd4d36806995b
SHA512

274ae3513b5dc958748229b41e18f56cf9e081725b807f8366a45993300b12eda51ef57e1b20428f8a7316b99b9502882d5cbe2b001eddcf6c1a080e719e6917
SSDEEP

3072:eYQP3z/bvx/rm24FmIr0C8Z8qEcj3Jq+ianM1Hgye+sJC:NmW08q7j3Jqh42HgybsE

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  a6ae5732f76c1617346603ee00d04db16183318120e6ed2410efd4d36806995b
- Size
  
  105KB
- MD5
  
  e181b0d9994f856d1baeb04db7474a4c
- SHA1
  
  afd4ded500179268141d2dffb51b26c8f02c9f9f
- SHA256
  
  a6ae5732f76c1617346603ee00d04db16183318120e6ed2410efd4d36806995b
- SHA512
  
  274ae3513b5dc958748229b41e18f56cf9e081725b807f8366a45993300b12eda51ef57e1b20428f8a7316b99b9502882d5cbe2b001eddcf6c1a080e719e6917
- SSDEEP
  
  3072:eYQP3z/bvx/rm24FmIr0C8Z8qEcj3Jq+ianM1Hgye+sJC:NmW08q7j3Jqh42HgybsE
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2