Overview

overview

10

Static

static

276cb9f91e...ec.exe

windows7-x64

10

276cb9f91e...ec.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    276cb9f91e085bc073025fffcb7881f1bce99d75244089e9b4c0bc743bc4a2ec

  • Size

    163KB

  • Sample

    221123-r4hxysdc7z

  • MD5

    18f1df4b40dc6a070db0fe01479c26e9

  • SHA1

    24512cdd1c7d9faf21736d89b420654a44d6d630

  • SHA256

    276cb9f91e085bc073025fffcb7881f1bce99d75244089e9b4c0bc743bc4a2ec

  • SHA512

    7f616f5c26e1af5101b50b7ca4a227d6b97a471e64b84ba82ac8605dcc943ea030cbc12472ca1fcafc7b931e07c3cc8fc0c318a1f1faa4cc0a4d2062e734d311

  • SSDEEP

    3072:5QRGNshsXR9Kiryy4XbXY9DsqCAYy2IK+z0Dx/RO:UGNKsXR914YpsxMrz0Dx/E

Score
10/10
persistence

Malware Config

Targets

    • Target

      276cb9f91e085bc073025fffcb7881f1bce99d75244089e9b4c0bc743bc4a2ec

    • Size

      163KB

    • MD5

      18f1df4b40dc6a070db0fe01479c26e9

    • SHA1

      24512cdd1c7d9faf21736d89b420654a44d6d630

    • SHA256

      276cb9f91e085bc073025fffcb7881f1bce99d75244089e9b4c0bc743bc4a2ec

    • SHA512

      7f616f5c26e1af5101b50b7ca4a227d6b97a471e64b84ba82ac8605dcc943ea030cbc12472ca1fcafc7b931e07c3cc8fc0c318a1f1faa4cc0a4d2062e734d311

    • SSDEEP

      3072:5QRGNshsXR9Kiryy4XbXY9DsqCAYy2IK+z0Dx/RO:UGNKsXR914YpsxMrz0Dx/E

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Modifies WinLogon

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks