747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932 | Triage

Sharing

General

Target

747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932
Size

96KB
Sample

221124-3rhxzabc8x
MD5

d50ae3b9f4ed137494ad275344c3234e
SHA1

a3715d6c87cbabbbfa441d1c1ba838283d43b284
SHA256

747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932
SHA512

4a599c00c954abb75b30dc965bac7613889388239efc1d831238eb6e94c148045f0aaba45793e48613b8063ddfd0090033596c7b1e2b1aae7d1dcb144ea63585
SSDEEP

1536:2Y3sO2VIrTgked9k9tVijJ/oFuKLD/M0TYu8E6FB2ujm4G:2jO2/ld2VijJ/orplWcu

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932
- Size
  
  96KB
- MD5
  
  d50ae3b9f4ed137494ad275344c3234e
- SHA1
  
  a3715d6c87cbabbbfa441d1c1ba838283d43b284
- SHA256
  
  747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932
- SHA512
  
  4a599c00c954abb75b30dc965bac7613889388239efc1d831238eb6e94c148045f0aaba45793e48613b8063ddfd0090033596c7b1e2b1aae7d1dcb144ea63585
- SSDEEP
  
  1536:2Y3sO2VIrTgked9k9tVijJ/oFuKLD/M0TYu8E6FB2ujm4G:2jO2/ld2VijJ/orplWcu
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2