5eae941b375098bc75c63f880da65b46e674309f3800316c8c91920b6062251d | Triage

Sharing

General

Target

5eae941b375098bc75c63f880da65b46e674309f3800316c8c91920b6062251d
Size

58KB
Sample

221123-rhqexagf66
MD5

e6974042775fcbd3c5fd8980bf35cfd7
SHA1

5729bda9d8f47a20ecbc67bb01b5e8be29141a12
SHA256

5eae941b375098bc75c63f880da65b46e674309f3800316c8c91920b6062251d
SHA512

021857b81a74db3e4263d7a65b76bdd091874049605ae874b0a6ce2b267549746c553c6b33b12b436a9d5c57fe106350a597229895c9d8dddc9ae4300a3a7db8
SSDEEP

768:66t7sv+coEpsFcf6kMWuwiP4N83KbG/tMHxFy/trtfIw5ws1EFljCpkj6fFN:6TWVEpsFS6kM7P4N88RWlZ5YYaj6f

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5eae941b375098bc75c63f880da65b46e674309f3800316c8c91920b6062251d
- Size
  
  58KB
- MD5
  
  e6974042775fcbd3c5fd8980bf35cfd7
- SHA1
  
  5729bda9d8f47a20ecbc67bb01b5e8be29141a12
- SHA256
  
  5eae941b375098bc75c63f880da65b46e674309f3800316c8c91920b6062251d
- SHA512
  
  021857b81a74db3e4263d7a65b76bdd091874049605ae874b0a6ce2b267549746c553c6b33b12b436a9d5c57fe106350a597229895c9d8dddc9ae4300a3a7db8
- SSDEEP
  
  768:66t7sv+coEpsFcf6kMWuwiP4N83KbG/tMHxFy/trtfIw5ws1EFljCpkj6fFN:6TWVEpsFS6kM7P4N88RWlZ5YYaj6f
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2