9efd4b5c99bd03349d982e48de92ae74913c552fed8adf59e4a5ec5921ef1b91 | Triage

Sharing

General

Target

9efd4b5c99bd03349d982e48de92ae74913c552fed8adf59e4a5ec5921ef1b91
Size

60KB
Sample

221123-qszwnahg6z
MD5

dafcd3bcf725f1c49ac6787dd9322c76
SHA1

1e7692a17be5258ae4f9e8ff44f4772ff1d0d1d7
SHA256

9efd4b5c99bd03349d982e48de92ae74913c552fed8adf59e4a5ec5921ef1b91
SHA512

0fa2f66f43b50335466bef0fd8d682308b203fafebdd899729bcec6a35a9f4ce294650c05d2d6e4b15301f9a5960aee9fec8b6cba7912ec0c9e9c67c7e22d475
SSDEEP

768:JIEcQzWTDvW7SbBkeHsKs8dNtzmuupLaKJIncVDHsURHYwHOrFqswoNC0b7:yLW7SqqsKJdNIZxVjbR4UOrFDwoNC0b

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  9efd4b5c99bd03349d982e48de92ae74913c552fed8adf59e4a5ec5921ef1b91
- Size
  
  60KB
- MD5
  
  dafcd3bcf725f1c49ac6787dd9322c76
- SHA1
  
  1e7692a17be5258ae4f9e8ff44f4772ff1d0d1d7
- SHA256
  
  9efd4b5c99bd03349d982e48de92ae74913c552fed8adf59e4a5ec5921ef1b91
- SHA512
  
  0fa2f66f43b50335466bef0fd8d682308b203fafebdd899729bcec6a35a9f4ce294650c05d2d6e4b15301f9a5960aee9fec8b6cba7912ec0c9e9c67c7e22d475
- SSDEEP
  
  768:JIEcQzWTDvW7SbBkeHsKs8dNtzmuupLaKJIncVDHsURHYwHOrFqswoNC0b7:yLW7SqqsKJdNIZxVjbR4UOrFDwoNC0b
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2