ffb9b0085f81c9430338f2453ad9e6ce5bc9a57245cae6e0555599da34578f15 | Triage

Sharing

General

Target

ffb9b0085f81c9430338f2453ad9e6ce5bc9a57245cae6e0555599da34578f15
Size

140KB
Sample

221125-x7x4yaab82
MD5

d78ba016553c66c5e47275d5ae6ae6c5
SHA1

f986fab573749f26efb419309bb9241aac62cdf8
SHA256

ffb9b0085f81c9430338f2453ad9e6ce5bc9a57245cae6e0555599da34578f15
SHA512

2d33e685579a947aa2f0b239b5a1edc27c116f1fa145fc9a12ba211b77c0e5630b840c4bb8b695c7e4bf3736ab14751cdf568e9d0897385297b18fa4f2197125
SSDEEP

3072:v32ts5kLHPgMT9/VAG/qZ4jiIrhRHKcucchFwyzTK:vGq2jLT9/24Xic8z

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ffb9b0085f81c9430338f2453ad9e6ce5bc9a57245cae6e0555599da34578f15
- Size
  
  140KB
- MD5
  
  d78ba016553c66c5e47275d5ae6ae6c5
- SHA1
  
  f986fab573749f26efb419309bb9241aac62cdf8
- SHA256
  
  ffb9b0085f81c9430338f2453ad9e6ce5bc9a57245cae6e0555599da34578f15
- SHA512
  
  2d33e685579a947aa2f0b239b5a1edc27c116f1fa145fc9a12ba211b77c0e5630b840c4bb8b695c7e4bf3736ab14751cdf568e9d0897385297b18fa4f2197125
- SSDEEP
  
  3072:v32ts5kLHPgMT9/VAG/qZ4jiIrhRHKcucchFwyzTK:vGq2jLT9/24Xic8z
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2