5d8e806ab999db99e095d3d1b6322a4e21934b4cf8b2456a8ba011009c0b7b3c | Triage

Sharing

General

Target

5d8e806ab999db99e095d3d1b6322a4e21934b4cf8b2456a8ba011009c0b7b3c
Size

81KB
Sample

221124-fydv9sed7t
MD5

a6f154313a388ef98c3057480e5ab0ce
SHA1

66a31cf5b42ac12b3fd7e2b56bea9d436bb8a5f5
SHA256

5d8e806ab999db99e095d3d1b6322a4e21934b4cf8b2456a8ba011009c0b7b3c
SHA512

5b4a67a83746f1b7e67ed41f2c14ffe66580a6187c9e34d5d0efb2146a846cd32504a30da8f37fbdb291738a7f3770a5ab56372c6c84201c6eb24b0d200f83db
SSDEEP

1536:AZtB3QtVbDkyJooi5TJc99v34PQEc4PpSo4oAWX76DfNNELk645jf:Af3QtVHkyCy9xIoGpxMWrgbj5z

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  5d8e806ab999db99e095d3d1b6322a4e21934b4cf8b2456a8ba011009c0b7b3c
- Size
  
  81KB
- MD5
  
  a6f154313a388ef98c3057480e5ab0ce
- SHA1
  
  66a31cf5b42ac12b3fd7e2b56bea9d436bb8a5f5
- SHA256
  
  5d8e806ab999db99e095d3d1b6322a4e21934b4cf8b2456a8ba011009c0b7b3c
- SHA512
  
  5b4a67a83746f1b7e67ed41f2c14ffe66580a6187c9e34d5d0efb2146a846cd32504a30da8f37fbdb291738a7f3770a5ab56372c6c84201c6eb24b0d200f83db
- SSDEEP
  
  1536:AZtB3QtVbDkyJooi5TJc99v34PQEc4PpSo4oAWX76DfNNELk645jf:Af3QtVHkyCy9xIoGpxMWrgbj5z
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2