8b218eabf5a71af489bde2b63a90459580a2f215bfe5c5e3f536cdf16aec95cb | Triage

Sharing

General

Target

8b218eabf5a71af489bde2b63a90459580a2f215bfe5c5e3f536cdf16aec95cb
Size

1.2MB
Sample

221123-w3r7fsgf5z
MD5

3cb6c82637c34036f154664c66680165
SHA1

681bd8a88866f1d700b70fabf1a6bd372c06f779
SHA256

8b218eabf5a71af489bde2b63a90459580a2f215bfe5c5e3f536cdf16aec95cb
SHA512

38796eb5e945c19b4165169ac5eb3648a451d4323452c5fb9ca263d42dee87b0384e85e029663f812f1f57fd91df4b3eeb1f31a88b423cf84c29e88b23b12b99
SSDEEP

24576:VkEBSta9vNB1MTN2kmRCCTBMR6FrLoGOxTFYOx6NmiQdzmy+/E8:DBStSvJUzmECTBiqwxio6NZKW/n

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  8b218eabf5a71af489bde2b63a90459580a2f215bfe5c5e3f536cdf16aec95cb
- Size
  
  1.2MB
- MD5
  
  3cb6c82637c34036f154664c66680165
- SHA1
  
  681bd8a88866f1d700b70fabf1a6bd372c06f779
- SHA256
  
  8b218eabf5a71af489bde2b63a90459580a2f215bfe5c5e3f536cdf16aec95cb
- SHA512
  
  38796eb5e945c19b4165169ac5eb3648a451d4323452c5fb9ca263d42dee87b0384e85e029663f812f1f57fd91df4b3eeb1f31a88b423cf84c29e88b23b12b99
- SSDEEP
  
  24576:VkEBSta9vNB1MTN2kmRCCTBMR6FrLoGOxTFYOx6NmiQdzmy+/E8:DBStSvJUzmECTBiqwxio6NZKW/n
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2