4db7ac3337c048b18a43e6571fe9a13d9815edc4592c60b2f8ff6f280458095a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4db7ac3337c048b18a43e6571fe9a13d9815edc4592c60b2f8ff6f280458095a
Size

274KB
Sample

221127-2d4f3sdc98
MD5

0eebcda64552f699cb5f10a783479074
SHA1

922faa04ed1c705715038672d739e25429d8b4f7
SHA256

4db7ac3337c048b18a43e6571fe9a13d9815edc4592c60b2f8ff6f280458095a
SHA512

64dcac9aef01eb5b94b6f7b1bf4672b40521808308a5b5da85b84c7f610127cef0d75a262abf9a5246586611d63e952d5bfbc133909258cfd5b5e155f988bee1
SSDEEP

3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1e3ZCcgmX:7WkWXV9wUezUroW+tCmCCfNG53ZpX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4db7ac3337c048b18a43e6571fe9a13d9815edc4592c60b2f8ff6f280458095a
- Size
  
  274KB
- MD5
  
  0eebcda64552f699cb5f10a783479074
- SHA1
  
  922faa04ed1c705715038672d739e25429d8b4f7
- SHA256
  
  4db7ac3337c048b18a43e6571fe9a13d9815edc4592c60b2f8ff6f280458095a
- SHA512
  
  64dcac9aef01eb5b94b6f7b1bf4672b40521808308a5b5da85b84c7f610127cef0d75a262abf9a5246586611d63e952d5bfbc133909258cfd5b5e155f988bee1
- SSDEEP
  
  3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1e3ZCcgmX:7WkWXV9wUezUroW+tCmCCfNG53ZpX
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence