Overview

overview

10

Static

static

6b5c1093d4...5b.exe

windows7-x64

1

6b5c1093d4...5b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b5c1093d41e082f28e92f5eeb7066c256e974131a43fc9a4106cd404e029c5b

  • Size

    52KB

  • Sample

    221124-q1xfhabg2z

  • MD5

    bab00bdff267945cfa55c998b7417a76

  • SHA1

    4e3491d322050d3090d84f6c6c5594b139b6b99c

  • SHA256

    6b5c1093d41e082f28e92f5eeb7066c256e974131a43fc9a4106cd404e029c5b

  • SHA512

    f3199d879b2ddba7440f26ba1adf2d0964fd1c7842558d5e5efe45c2b1041101e3ae33db48077cc44e14ab4dd2d1b435fd9f348f5c5e6a5ffbd30fbdcfdb7b03

  • SSDEEP

    768:NwoV3FrPxkhKQiUrityh7eHAGnI/EDmAne/m7DR0mnNc9XWTU5BvKJh:HPxBn0aDDZ/aWTRh

Score
10/10
persistence

Malware Config

Targets

    • Target

      6b5c1093d41e082f28e92f5eeb7066c256e974131a43fc9a4106cd404e029c5b

    • Size

      52KB

    • MD5

      bab00bdff267945cfa55c998b7417a76

    • SHA1

      4e3491d322050d3090d84f6c6c5594b139b6b99c

    • SHA256

      6b5c1093d41e082f28e92f5eeb7066c256e974131a43fc9a4106cd404e029c5b

    • SHA512

      f3199d879b2ddba7440f26ba1adf2d0964fd1c7842558d5e5efe45c2b1041101e3ae33db48077cc44e14ab4dd2d1b435fd9f348f5c5e6a5ffbd30fbdcfdb7b03

    • SSDEEP

      768:NwoV3FrPxkhKQiUrityh7eHAGnI/EDmAne/m7DR0mnNc9XWTU5BvKJh:HPxBn0aDDZ/aWTRh

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Modifies WinLogon

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks