57a2d69ac2434a346732e02cc7174e6cd9936647f807d1c73234a4d9a7eec465 | Triage

Sharing

General

Target

57a2d69ac2434a346732e02cc7174e6cd9936647f807d1c73234a4d9a7eec465
Size

19KB
Sample

221125-zy939aaa8z
MD5

3e6fb4301843b10bcc24fb0457f9cec8
SHA1

fca75aa188a6133f00977a0c4ac3fc13c566da4b
SHA256

57a2d69ac2434a346732e02cc7174e6cd9936647f807d1c73234a4d9a7eec465
SHA512

f1343158fc87a128fc77f55597958f956c64d941e8873a38df0b5b30cba440f9d779c8c2a33d62ee1a59b55a0a6276f976e45fa2548005b205cd178e51c2a5cf
SSDEEP

384:00cQQO4iNOU79KQj/4807CGN0dp8z0qk4PM5pivBZ2tu6NONnUth:d91N51jh6CGKa0rMpZ2tu6MZUb

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  Hack-Sao-VTC-2014.exe
- Size
  
  43KB
- MD5
  
  754e83215ce5271d691335526bc0eb3b
- SHA1
  
  4834d4208519aebe907ef56e6adeaed81def77c6
- SHA256
  
  444664250c4794dc0744810361053e7a3f04932d0fd1c47bdaf9dc7483c4640b
- SHA512
  
  093677c82105139029c5df601745e165d06255ba15638211f81799b4c2b59f7fb01a6f848ea49d1308b74d6032ea96dcdf941c4c07af0d4792a641936e5f1339
- SSDEEP
  
  768:3PJadenAqtYQnaXH96rV2kllriFqR7Atmqfvfj7sMC72ZWzFwKF/Kppls:3PnAClrVLTrEqNAxvXsf7rzV/KpXs
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2