8f78c72f16d7081b61b94119252fb0b2edcdb0e4486b6c32c0f0bec91b8b3673 | Triage

Sharing

General

Target

8f78c72f16d7081b61b94119252fb0b2edcdb0e4486b6c32c0f0bec91b8b3673
Size

82KB
Sample

221123-qy748aac6s
MD5

a1293b20bacab2e4364908841f23e2b9
SHA1

38323e976fa32a9b7b81686026e75b113b6f2838
SHA256

8f78c72f16d7081b61b94119252fb0b2edcdb0e4486b6c32c0f0bec91b8b3673
SHA512

c92bd7fa8f2d0c6af77a8443a3717b8755aefb85ea265da9915e06a7f31c7e07d9bbc2137f8844810419a7a95947fb07c84e6f26df6119eb2856bc1d0f69f592
SSDEEP

1536:g29dE74wmV2Ztk/Yy8mBc9XFdDkIF0ehHv:Va4LwcYylOFBxhHv

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  8f78c72f16d7081b61b94119252fb0b2edcdb0e4486b6c32c0f0bec91b8b3673
- Size
  
  82KB
- MD5
  
  a1293b20bacab2e4364908841f23e2b9
- SHA1
  
  38323e976fa32a9b7b81686026e75b113b6f2838
- SHA256
  
  8f78c72f16d7081b61b94119252fb0b2edcdb0e4486b6c32c0f0bec91b8b3673
- SHA512
  
  c92bd7fa8f2d0c6af77a8443a3717b8755aefb85ea265da9915e06a7f31c7e07d9bbc2137f8844810419a7a95947fb07c84e6f26df6119eb2856bc1d0f69f592
- SSDEEP
  
  1536:g29dE74wmV2Ztk/Yy8mBc9XFdDkIF0ehHv:Va4LwcYylOFBxhHv
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2