a0e0cd03a040ce8287cf3df3236790942a5ff7e8d1b24f83bea2a609c545dbd9 | Triage

Sharing

General

Target

a0e0cd03a040ce8287cf3df3236790942a5ff7e8d1b24f83bea2a609c545dbd9
Size

299KB
Sample

221123-qsh8xahg4s
MD5

b94bcdd0d7218ef1777b0b2fb9344312
SHA1

c19a012ececb267d50479a7daacfc470320ce155
SHA256

a0e0cd03a040ce8287cf3df3236790942a5ff7e8d1b24f83bea2a609c545dbd9
SHA512

648f9f9c256be30279c0d8c27c5a53f95abd6df5650588432303907441cb7bc84f900b9899a32438195d81c30060c17dac340e9453ceb695024798ec362dc747
SSDEEP

1536:mikokUqm1rbGOc4eu22Jcwb+TjyuXhuEXOIV1ol675XG+dkqlun:acc4eu22Kwb+/yuxRXOIV+2XGn

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a0e0cd03a040ce8287cf3df3236790942a5ff7e8d1b24f83bea2a609c545dbd9
- Size
  
  299KB
- MD5
  
  b94bcdd0d7218ef1777b0b2fb9344312
- SHA1
  
  c19a012ececb267d50479a7daacfc470320ce155
- SHA256
  
  a0e0cd03a040ce8287cf3df3236790942a5ff7e8d1b24f83bea2a609c545dbd9
- SHA512
  
  648f9f9c256be30279c0d8c27c5a53f95abd6df5650588432303907441cb7bc84f900b9899a32438195d81c30060c17dac340e9453ceb695024798ec362dc747
- SSDEEP
  
  1536:mikokUqm1rbGOc4eu22Jcwb+TjyuXhuEXOIV1ol675XG+dkqlun:acc4eu22Kwb+/yuxRXOIV+2XGn
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2