4114bcb15d0b5fa4ceb00917212b6bea63ec982b5cf93486f71c2ff96181dcc7 | Triage

Sharing

General

Target

4114bcb15d0b5fa4ceb00917212b6bea63ec982b5cf93486f71c2ff96181dcc7
Size

40KB
Sample

221123-rt9ypace5t
MD5

b6be549fe7487982adcb930222128b43
SHA1

689e3b5f695f2366077cb2a408f7c2f632590c81
SHA256

4114bcb15d0b5fa4ceb00917212b6bea63ec982b5cf93486f71c2ff96181dcc7
SHA512

69dc66ae096c3783d125610d7839b7f4fccc2101c093a4c83fd9edff831239035b3d42568befe6bbe9f0dde347219ec273749ca5dbd31412311ec523ba8e33e8
SSDEEP

768:SWPHez0wTTMEMHqmglLK7q01WbfU/s/5QH+Y:lPrwTwEMil27qIWbfUU/nY

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  4114bcb15d0b5fa4ceb00917212b6bea63ec982b5cf93486f71c2ff96181dcc7
- Size
  
  40KB
- MD5
  
  b6be549fe7487982adcb930222128b43
- SHA1
  
  689e3b5f695f2366077cb2a408f7c2f632590c81
- SHA256
  
  4114bcb15d0b5fa4ceb00917212b6bea63ec982b5cf93486f71c2ff96181dcc7
- SHA512
  
  69dc66ae096c3783d125610d7839b7f4fccc2101c093a4c83fd9edff831239035b3d42568befe6bbe9f0dde347219ec273749ca5dbd31412311ec523ba8e33e8
- SSDEEP
  
  768:SWPHez0wTTMEMHqmglLK7q01WbfU/s/5QH+Y:lPrwTwEMil27qIWbfUU/nY
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2