506b7b737075f3b7e4e413cb60897276a2ad9a2a1e580fe73211a00dfe0af37c | Triage

Sharing

General

Target

506b7b737075f3b7e4e413cb60897276a2ad9a2a1e580fe73211a00dfe0af37c
Size

51KB
Sample

221126-1z8r9agh77
MD5

c41c8e7401469ee50e1a665f4e1387f1
SHA1

b768aec2d2123fa58134b79ad5137b2b52c9ea60
SHA256

506b7b737075f3b7e4e413cb60897276a2ad9a2a1e580fe73211a00dfe0af37c
SHA512

47a7d1468ae5ccc1f88536e3622e228fbe8574d25067e5fb986aab24296951b6d0a6351c15eab5abdf8fb5555181a56b2561536bd5a5d21b5ba39e6cf6420bf9
SSDEEP

768:3tXNm2sCV6g3jYbiKY7IVqG0L6HpjxE7xhIEAKIkN5GJlZx60:i231TYy7IVWLItiYSX4lP

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  506b7b737075f3b7e4e413cb60897276a2ad9a2a1e580fe73211a00dfe0af37c
- Size
  
  51KB
- MD5
  
  c41c8e7401469ee50e1a665f4e1387f1
- SHA1
  
  b768aec2d2123fa58134b79ad5137b2b52c9ea60
- SHA256
  
  506b7b737075f3b7e4e413cb60897276a2ad9a2a1e580fe73211a00dfe0af37c
- SHA512
  
  47a7d1468ae5ccc1f88536e3622e228fbe8574d25067e5fb986aab24296951b6d0a6351c15eab5abdf8fb5555181a56b2561536bd5a5d21b5ba39e6cf6420bf9
- SSDEEP
  
  768:3tXNm2sCV6g3jYbiKY7IVqG0L6HpjxE7xhIEAKIkN5GJlZx60:i231TYy7IVWLItiYSX4lP
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2