c81ea002e9f2ba699dffb21967cae71cb69f752e68b5685e427593312115d2d5 | Triage

Sharing

General

Target

c81ea002e9f2ba699dffb21967cae71cb69f752e68b5685e427593312115d2d5
Size

229KB
Sample

221124-x4hvvadh47
MD5

c47aa987badb19d02a57f926328fed40
SHA1

c697522e3380c705e34729f6f46c9d41e1e607a0
SHA256

c81ea002e9f2ba699dffb21967cae71cb69f752e68b5685e427593312115d2d5
SHA512

0495f79649eda3677d3f5838e09e9453a74d591e7df3b4e4aa1e5c5d4b9cb093eed1fb9fe9ed6bd3eb3a98ddec3158f8302f5e3def02240bf423617a8bdc27cf
SSDEEP

6144:0f98xp0yoxVwuvbGVG2yE9QvepAjkTlFLAw:OQpYiuvbGw0yEAjkTPd

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  sita.exe
- Size
  
  331KB
- MD5
  
  a01b9095e1c5b24279bf4b8587f0f156
- SHA1
  
  1acb07c459f20bbfb7aaa8289b63bba5eda7bb2c
- SHA256
  
  34b2479724a8efe6d04236305e15342378dca7ff5677a48b2943404b36e229fe
- SHA512
  
  f52c9f3263ac04ba803c0d564c6285adc80b4e84c95ccf88ca4812994fa82a60d65a7be6671ac762c0ec693c10b051e0733aa63689dad7e356ff0fda713f0b50
- SSDEEP
  
  6144:qlBswxp0yoxVGuvM/OHgyGFVzC+j5wGuGGbGmGOG2yG+GXGkGuGGpGGIGGHGGjGM:qlZpYMuvMKvGFVx2Wvo
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2