bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed | Triage

Sharing

General

Target

bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed
Size

724KB
Sample

221123-xgsfrshh9x
MD5

168c76af44b30535d4e067d34a1f568b
SHA1

5931a2416395205529fdef69a1ed897274bf1efd
SHA256

bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed
SHA512

ec679e9c0991d26674ab7ddc9a0a5817f3eab31b3bb5c24a7fa499cd07bbe0fc2b3608a78c5014e75d2446868e2f7dc879e679f5b69eb9a4168f4a52f549b3b5
SSDEEP

12288:VkIybu8N3UzBStPzm4Al3Y0BDWixnLIIRjxr4XINb1wFwWoq+xZe3r:VkEBSta9vpNb1+wWorZ0r

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed
- Size
  
  724KB
- MD5
  
  168c76af44b30535d4e067d34a1f568b
- SHA1
  
  5931a2416395205529fdef69a1ed897274bf1efd
- SHA256
  
  bfcee89064b5bff8a72e65f567171399e112327bcce703b9b47d535a02f954ed
- SHA512
  
  ec679e9c0991d26674ab7ddc9a0a5817f3eab31b3bb5c24a7fa499cd07bbe0fc2b3608a78c5014e75d2446868e2f7dc879e679f5b69eb9a4168f4a52f549b3b5
- SSDEEP
  
  12288:VkIybu8N3UzBStPzm4Al3Y0BDWixnLIIRjxr4XINb1wFwWoq+xZe3r:VkEBSta9vpNb1+wWorZ0r
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2