0bde6570b4a4800b48a2436e922af1070604516e11dbc7fb0ce711a7d5c3f28b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bde6570b4a4800b48a2436e922af1070604516e11dbc7fb0ce711a7d5c3f28b
Size

55KB
Sample

221128-hak1sagf2v
MD5

79b69eb5a66461881660e9266e7835cd
SHA1

977e615bb1759d2d53ecbc99e8eb78dc5f0a9637
SHA256

0bde6570b4a4800b48a2436e922af1070604516e11dbc7fb0ce711a7d5c3f28b
SHA512

1948f3be9a4a8b515d4556d7bd2170ea8937385665bb22399ae022b3a8b4eb671f728f581060ddc21d7b0eca753cf4522c5e25b2cc951b7eca508be786ecc8a0
SSDEEP

768:DMchfkRDinqW0QQRJypzoeKfsdQ6lJJrk7R1hUHYtKJiL21v61fR4F4rmh:DMV+0QrpEeKf36lreZ6wMiL214ih

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0bde6570b4a4800b48a2436e922af1070604516e11dbc7fb0ce711a7d5c3f28b
- Size
  
  55KB
- MD5
  
  79b69eb5a66461881660e9266e7835cd
- SHA1
  
  977e615bb1759d2d53ecbc99e8eb78dc5f0a9637
- SHA256
  
  0bde6570b4a4800b48a2436e922af1070604516e11dbc7fb0ce711a7d5c3f28b
- SHA512
  
  1948f3be9a4a8b515d4556d7bd2170ea8937385665bb22399ae022b3a8b4eb671f728f581060ddc21d7b0eca753cf4522c5e25b2cc951b7eca508be786ecc8a0
- SSDEEP
  
  768:DMchfkRDinqW0QQRJypzoeKfsdQ6lJJrk7R1hUHYtKJiL21v61fR4F4rmh:DMV+0QrpEeKf36lreZ6wMiL214ih
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2