feff48dbec77da1c81729746bb0eaa86962b80c5ea6900fe9c25f184157f5ffb | Triage

Sharing

General

Target

feff48dbec77da1c81729746bb0eaa86962b80c5ea6900fe9c25f184157f5ffb
Size

841KB
Sample

221128-scm82abh77
MD5

f3723316ea9e9ca580f47c7c66d0bbac
SHA1

046519fe23523cb7e5b1c78b9088aa26fe39cbb4
SHA256

feff48dbec77da1c81729746bb0eaa86962b80c5ea6900fe9c25f184157f5ffb
SHA512

359604062b283162a1434ab91fb2e5dfee9d7ae99bf34aa3ed1bd47c7d6fa3e67097d7568cbf96eaa976c992ee417821fb59f72c6ad0707ce8e16a94d792b438
SSDEEP

12288:zENN+T5xYrllrU7QY6dM7VLbToNzkTW8nsWHd5u8etTH1Z7KconCG/z+lq:Z5xolYQY6aVnsWHHyfZ7KcoCG/z+lq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  feff48dbec77da1c81729746bb0eaa86962b80c5ea6900fe9c25f184157f5ffb
- Size
  
  841KB
- MD5
  
  f3723316ea9e9ca580f47c7c66d0bbac
- SHA1
  
  046519fe23523cb7e5b1c78b9088aa26fe39cbb4
- SHA256
  
  feff48dbec77da1c81729746bb0eaa86962b80c5ea6900fe9c25f184157f5ffb
- SHA512
  
  359604062b283162a1434ab91fb2e5dfee9d7ae99bf34aa3ed1bd47c7d6fa3e67097d7568cbf96eaa976c992ee417821fb59f72c6ad0707ce8e16a94d792b438
- SSDEEP
  
  12288:zENN+T5xYrllrU7QY6dM7VLbToNzkTW8nsWHd5u8etTH1Z7KconCG/z+lq:Z5xolYQY6aVnsWHHyfZ7KcoCG/z+lq
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence