a14613daa2f3b5a6fb54a20e6549b9ffee8f6f6572a7d88ee4fffabf2dfeb974 | Triage

Sharing

General

Target

a14613daa2f3b5a6fb54a20e6549b9ffee8f6f6572a7d88ee4fffabf2dfeb974
Size

305KB
Sample

221123-qsdy7aeg24
MD5

2ec34c5fecf7aa50e9930d8ad0fedea7
SHA1

57db56446cf7262fc475f0035bd8591c30885989
SHA256

a14613daa2f3b5a6fb54a20e6549b9ffee8f6f6572a7d88ee4fffabf2dfeb974
SHA512

6334923b5bf698b98cb987a1587d09d216501a17085f3bfda3b3f88fe5d8eab87616e2e0534b18a3060c9d82f720dfd04250e4eaf44b250fe5f4ae97b3be2372
SSDEEP

1536:7njFRTlN18NhnKRfX/DsEq36183wn4+SIFCec4/lgKNOLDQ3sh5DhLrd:7njFDN+na/D+3JDICec4K+eTh55d

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a14613daa2f3b5a6fb54a20e6549b9ffee8f6f6572a7d88ee4fffabf2dfeb974
- Size
  
  305KB
- MD5
  
  2ec34c5fecf7aa50e9930d8ad0fedea7
- SHA1
  
  57db56446cf7262fc475f0035bd8591c30885989
- SHA256
  
  a14613daa2f3b5a6fb54a20e6549b9ffee8f6f6572a7d88ee4fffabf2dfeb974
- SHA512
  
  6334923b5bf698b98cb987a1587d09d216501a17085f3bfda3b3f88fe5d8eab87616e2e0534b18a3060c9d82f720dfd04250e4eaf44b250fe5f4ae97b3be2372
- SSDEEP
  
  1536:7njFRTlN18NhnKRfX/DsEq36183wn4+SIFCec4/lgKNOLDQ3sh5DhLrd:7njFDN+na/D+3JDICec4K+eTh55d
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2