aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8
Size

95KB
Sample

221129-dqh4xadh3t
MD5

46d57ee6cecfba14ae3f30f3732da149
SHA1

a2cf4cb9ba0922e540fdd64d4c7aa131b5883a1b
SHA256

aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8
SHA512

41ff8222218557749415280200593f0cd507e54d52cab45dc337513adf67d25d7971a23ec6c2d1523af8507d67af125ebe3d081cf0255cee386cf96f5774ed20
SSDEEP

1536:bU2FvPyRtETKKF07CqF44jmF8A7FVHoGMpYvCGYw4gGsIQ8/5xLanTmRvzoQ7z+w:FnTmRbP7zP5WvY

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8
- Size
  
  95KB
- MD5
  
  46d57ee6cecfba14ae3f30f3732da149
- SHA1
  
  a2cf4cb9ba0922e540fdd64d4c7aa131b5883a1b
- SHA256
  
  aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8
- SHA512
  
  41ff8222218557749415280200593f0cd507e54d52cab45dc337513adf67d25d7971a23ec6c2d1523af8507d67af125ebe3d081cf0255cee386cf96f5774ed20
- SSDEEP
  
  1536:bU2FvPyRtETKKF07CqF44jmF8A7FVHoGMpYvCGYw4gGsIQ8/5xLanTmRvzoQ7z+w:FnTmRbP7zP5WvY
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2