50d213dd47b37a959872d4421c03bc0d2fc76b831f70d3eaaff0ccb0e4cca6d2 | Triage

Sharing

General

Target

50d213dd47b37a959872d4421c03bc0d2fc76b831f70d3eaaff0ccb0e4cca6d2
Size

102KB
Sample

221125-1m17mshb25
MD5

3e429ad08145105b7a15ad0537be1217
SHA1

75a23f734849e428471ebd2de33f71565e38a735
SHA256

50d213dd47b37a959872d4421c03bc0d2fc76b831f70d3eaaff0ccb0e4cca6d2
SHA512

1e0102415d8a99cfe4785c293aa42c2ded232bfe7dc1994af5d5e0240b3de86ddbb8ca735cd08df7dfa3717d06d0799d20e59bef311992917b696a85019ad2f3
SSDEEP

3072:9a4GvOcgSzC9Kxm4+oo9qZB8UHfluFzJWCwM:9xch0dFzJF

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  50d213dd47b37a959872d4421c03bc0d2fc76b831f70d3eaaff0ccb0e4cca6d2
- Size
  
  102KB
- MD5
  
  3e429ad08145105b7a15ad0537be1217
- SHA1
  
  75a23f734849e428471ebd2de33f71565e38a735
- SHA256
  
  50d213dd47b37a959872d4421c03bc0d2fc76b831f70d3eaaff0ccb0e4cca6d2
- SHA512
  
  1e0102415d8a99cfe4785c293aa42c2ded232bfe7dc1994af5d5e0240b3de86ddbb8ca735cd08df7dfa3717d06d0799d20e59bef311992917b696a85019ad2f3
- SSDEEP
  
  3072:9a4GvOcgSzC9Kxm4+oo9qZB8UHfluFzJWCwM:9xch0dFzJF
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2