b50670e48fc3bfe9411fc256c1c78c1b553e7fba7fca572e9fa23365dd820080 | Triage

Sharing

General

Target

b50670e48fc3bfe9411fc256c1c78c1b553e7fba7fca572e9fa23365dd820080
Size

65KB
Sample

221123-ykhleaac94
MD5

597295614ee253687244e3414c3a23f0
SHA1

1946bf4fd1ec3f8b1f251a90952cad623c1383a7
SHA256

b50670e48fc3bfe9411fc256c1c78c1b553e7fba7fca572e9fa23365dd820080
SHA512

5c936d74a2611686cc2533b1a544c92fccc2640f8a31dcd6bb340dd44e7d30a1ce5a701e6addef5f00ffbb98dffac81831a2b07968e27ced554f8a8a12f3c017
SSDEEP

1536:2V0mTTtDOYjc9PqAnfWyGzAAClqKPLJ9mu6KoE9apYFsSPdkD6liAW2nylBZolwC:2DRUkf3hC4KPN936tE9PjdkD6liAWjl2

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b50670e48fc3bfe9411fc256c1c78c1b553e7fba7fca572e9fa23365dd820080
- Size
  
  65KB
- MD5
  
  597295614ee253687244e3414c3a23f0
- SHA1
  
  1946bf4fd1ec3f8b1f251a90952cad623c1383a7
- SHA256
  
  b50670e48fc3bfe9411fc256c1c78c1b553e7fba7fca572e9fa23365dd820080
- SHA512
  
  5c936d74a2611686cc2533b1a544c92fccc2640f8a31dcd6bb340dd44e7d30a1ce5a701e6addef5f00ffbb98dffac81831a2b07968e27ced554f8a8a12f3c017
- SSDEEP
  
  1536:2V0mTTtDOYjc9PqAnfWyGzAAClqKPLJ9mu6KoE9apYFsSPdkD6liAW2nylBZolwC:2DRUkf3hC4KPN936tE9PjdkD6liAWjl2
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2