b1fa12e105c978c84bfd398fcc6549d602fd9986f4af3895cf5073a06187243a | Triage

Sharing

General

Target

b1fa12e105c978c84bfd398fcc6549d602fd9986f4af3895cf5073a06187243a
Size

213KB
Sample

221127-jgj8hadh2s
MD5

c891fb2c35cb2a1ebd19f877ea058293
SHA1

616d8bbc62c613049e474a5c84ee498ba3005bcc
SHA256

b1fa12e105c978c84bfd398fcc6549d602fd9986f4af3895cf5073a06187243a
SHA512

815aaaf96cc40388ba8491674e61a1ea30c790aa13671796cb6dfb67e61817e0f575e82fb1238d59caeae4ef213dcae88efb06c2e66cad002199c3bee85c8c3c
SSDEEP

3072:MRb3lRU5tngTkdny5g4fX6y9c0qKyBQJvU4MrHDqeXsGKLu8F3HOwE2U:607wkd6g4fX6Qc8yeNUhrpXsGKLu8Nr

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b1fa12e105c978c84bfd398fcc6549d602fd9986f4af3895cf5073a06187243a
- Size
  
  213KB
- MD5
  
  c891fb2c35cb2a1ebd19f877ea058293
- SHA1
  
  616d8bbc62c613049e474a5c84ee498ba3005bcc
- SHA256
  
  b1fa12e105c978c84bfd398fcc6549d602fd9986f4af3895cf5073a06187243a
- SHA512
  
  815aaaf96cc40388ba8491674e61a1ea30c790aa13671796cb6dfb67e61817e0f575e82fb1238d59caeae4ef213dcae88efb06c2e66cad002199c3bee85c8c3c
- SSDEEP
  
  3072:MRb3lRU5tngTkdny5g4fX6y9c0qKyBQJvU4MrHDqeXsGKLu8F3HOwE2U:607wkd6g4fX6Qc8yeNUhrpXsGKLu8Nr
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2