388134a038f4df8fce457940d74909988551088ecdb029248cbf049807cc2cf6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

388134a038f4df8fce457940d74909988551088ecdb029248cbf049807cc2cf6
Size

132KB
Sample

221128-cg3xaabf7v
MD5

90038495a36e87f21e5223e91d8d8afc
SHA1

abba942f7e60c52d09949c5ab97b0b200cd1135f
SHA256

388134a038f4df8fce457940d74909988551088ecdb029248cbf049807cc2cf6
SHA512

3c7711584b8a14f2d9e85c2218c6bb5cc23b0307543a4e2724e6184399d8a0405f5762801f89de5060de0ded756749e21e51c850c2cb24aa8ab51901078e4976
SSDEEP

3072:oDeac3dX3sdfkIqgN9rxI8XgyFNVgXSFjrH:oCf3tsdfkIpNFxI8XX1gXSjrH

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  388134a038f4df8fce457940d74909988551088ecdb029248cbf049807cc2cf6
- Size
  
  132KB
- MD5
  
  90038495a36e87f21e5223e91d8d8afc
- SHA1
  
  abba942f7e60c52d09949c5ab97b0b200cd1135f
- SHA256
  
  388134a038f4df8fce457940d74909988551088ecdb029248cbf049807cc2cf6
- SHA512
  
  3c7711584b8a14f2d9e85c2218c6bb5cc23b0307543a4e2724e6184399d8a0405f5762801f89de5060de0ded756749e21e51c850c2cb24aa8ab51901078e4976
- SSDEEP
  
  3072:oDeac3dX3sdfkIqgN9rxI8XgyFNVgXSFjrH:oCf3tsdfkIpNFxI8XX1gXSjrH
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2