8c9afafb0efb7a3e581ca7532559fc61e6e68453d7b25af593a213087a6120aa | Triage

Sharing

General

Target

8c9afafb0efb7a3e581ca7532559fc61e6e68453d7b25af593a213087a6120aa
Size

252KB
Sample

221123-qz2zlafc74
MD5

9c3c2d233af68d4db475af9a92936527
SHA1

1cc52fbb0489470ce88411960b498554dcad7786
SHA256

8c9afafb0efb7a3e581ca7532559fc61e6e68453d7b25af593a213087a6120aa
SHA512

25fd014db666a8a6602aae5531266d4b890054709f5e9090b00949526b55f99a429a5edca5243a7f0947b78b21312cb70e6b4986fea07e400a4280c078173858
SSDEEP

6144:Yg9SJ3GmB+gw8quOMdwD5xTse7P+BMbA5QwEgNV0gShqlHfl:FSJWmMB6OM6VxAeD+qbA5LEgNKhCHfl

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  8c9afafb0efb7a3e581ca7532559fc61e6e68453d7b25af593a213087a6120aa
- Size
  
  252KB
- MD5
  
  9c3c2d233af68d4db475af9a92936527
- SHA1
  
  1cc52fbb0489470ce88411960b498554dcad7786
- SHA256
  
  8c9afafb0efb7a3e581ca7532559fc61e6e68453d7b25af593a213087a6120aa
- SHA512
  
  25fd014db666a8a6602aae5531266d4b890054709f5e9090b00949526b55f99a429a5edca5243a7f0947b78b21312cb70e6b4986fea07e400a4280c078173858
- SSDEEP
  
  6144:Yg9SJ3GmB+gw8quOMdwD5xTse7P+BMbA5QwEgNV0gShqlHfl:FSJWmMB6OM6VxAeD+qbA5LEgNKhCHfl
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence