caab843ec14f8f9f5f5866e6a8d363c9afd40efb5a7e2c04bc4b7df2043bb08f | Triage

Sharing

General

Target

caab843ec14f8f9f5f5866e6a8d363c9afd40efb5a7e2c04bc4b7df2043bb08f
Size

64KB
Sample

221128-e3pynaef59
MD5

03e13550b26710d712c55f4f109c46f8
SHA1

66c84d55c674038b69a18f6260b6a8fc5f3983d9
SHA256

caab843ec14f8f9f5f5866e6a8d363c9afd40efb5a7e2c04bc4b7df2043bb08f
SHA512

7a1cdd0aa4e1825bf2962fde920a867a82a4a5a4eb2de6dd8f395d85d41560fbd331077524716dd5038d8cb8ee847c9eac2e6bd713c56e1e2b243befebd539d8
SSDEEP

768:J4JPHOF3W8nMIbk6KQVEs8rA7FYM9M6Ap9riiJoqNGoLpPQA+yw/:J4Jf83W8W60IL26Ap8iJvGo96F/

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  caab843ec14f8f9f5f5866e6a8d363c9afd40efb5a7e2c04bc4b7df2043bb08f
- Size
  
  64KB
- MD5
  
  03e13550b26710d712c55f4f109c46f8
- SHA1
  
  66c84d55c674038b69a18f6260b6a8fc5f3983d9
- SHA256
  
  caab843ec14f8f9f5f5866e6a8d363c9afd40efb5a7e2c04bc4b7df2043bb08f
- SHA512
  
  7a1cdd0aa4e1825bf2962fde920a867a82a4a5a4eb2de6dd8f395d85d41560fbd331077524716dd5038d8cb8ee847c9eac2e6bd713c56e1e2b243befebd539d8
- SSDEEP
  
  768:J4JPHOF3W8nMIbk6KQVEs8rA7FYM9M6Ap9riiJoqNGoLpPQA+yw/:J4Jf83W8W60IL26Ap8iJvGo96F/
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2