10b89f029178579fadcf5b7c00dce081f6da8567258a5ace08225c6f44c4e49b | Triage

Sharing

General

Target

10b89f029178579fadcf5b7c00dce081f6da8567258a5ace08225c6f44c4e49b
Size

359KB
Sample

221127-xpdycafb5x
MD5

17d5e6fd8ca07646265c754a5eb77943
SHA1

0585e91e62c891a80a1b6666ac25814fc185a980
SHA256

10b89f029178579fadcf5b7c00dce081f6da8567258a5ace08225c6f44c4e49b
SHA512

3c2c05b706a6f98b101f606db99dd9e0a0d22ca5a0b9b582840ccd8dc1d8649a2c74f52536a6f680f8eef2adcaa6a580e440389138678e7dab384a1b911a398d
SSDEEP

1536:Qkw8pUg93/X3tsbfEvyO+FP3vf1zwQVgvXS:Qk9nx/NzvX+xn1zwLvX

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  10b89f029178579fadcf5b7c00dce081f6da8567258a5ace08225c6f44c4e49b
- Size
  
  359KB
- MD5
  
  17d5e6fd8ca07646265c754a5eb77943
- SHA1
  
  0585e91e62c891a80a1b6666ac25814fc185a980
- SHA256
  
  10b89f029178579fadcf5b7c00dce081f6da8567258a5ace08225c6f44c4e49b
- SHA512
  
  3c2c05b706a6f98b101f606db99dd9e0a0d22ca5a0b9b582840ccd8dc1d8649a2c74f52536a6f680f8eef2adcaa6a580e440389138678e7dab384a1b911a398d
- SSDEEP
  
  1536:Qkw8pUg93/X3tsbfEvyO+FP3vf1zwQVgvXS:Qk9nx/NzvX+xn1zwLvX
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2