411de63b612351ac054d0fa225c94d0400f850c75b149beb93d4a8db29192bd0 | Triage

Sharing

General

Target

411de63b612351ac054d0fa225c94d0400f850c75b149beb93d4a8db29192bd0
Size

59KB
Sample

221125-jvz6waga3w
MD5

f57b890436bed61e6e8fc5c0dd6f79ad
SHA1

3640d24053c0c06c4a35c9b52f5591ca70aa1dd5
SHA256

411de63b612351ac054d0fa225c94d0400f850c75b149beb93d4a8db29192bd0
SHA512

f7adceefde8bd5951758b1c463a9bb237498c39ff247d390a1a0c910aa09e5aab4a466a1c21065c441a8407d18ae8572273df748f98139c2f92ed4bd9963199b
SSDEEP

1536:RLxLKKyuNSly6g5j5jec/amMmsmhP6Z/gC3ew:RLBKISly6gfImZNhM0

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  411de63b612351ac054d0fa225c94d0400f850c75b149beb93d4a8db29192bd0
- Size
  
  59KB
- MD5
  
  f57b890436bed61e6e8fc5c0dd6f79ad
- SHA1
  
  3640d24053c0c06c4a35c9b52f5591ca70aa1dd5
- SHA256
  
  411de63b612351ac054d0fa225c94d0400f850c75b149beb93d4a8db29192bd0
- SHA512
  
  f7adceefde8bd5951758b1c463a9bb237498c39ff247d390a1a0c910aa09e5aab4a466a1c21065c441a8407d18ae8572273df748f98139c2f92ed4bd9963199b
- SSDEEP
  
  1536:RLxLKKyuNSly6g5j5jec/amMmsmhP6Z/gC3ew:RLBKISly6gfImZNhM0
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2