9db8a006b682354624dd951da5975cf1dc4e5753e265309a556e589336dfd7fc | Triage

Sharing

General

Target

9db8a006b682354624dd951da5975cf1dc4e5753e265309a556e589336dfd7fc
Size

87KB
Sample

221129-e6ks4see78
MD5

4267c528adfa0b6277c0480a6b7a60e1
SHA1

1dd6afe98c775c1a2b6138007bf7694c6958f036
SHA256

9db8a006b682354624dd951da5975cf1dc4e5753e265309a556e589336dfd7fc
SHA512

d9333e128d0628d354823e66a66f821adae7c0cfe39f62d88c6994cbd085ee9168140afa5fd4bf6da346bff83557a1389e94db474cb392cb4103354917c02761
SSDEEP

1536:pIeeLv5AFE5fRQYSvzzmHiZcWgTP7+Kk5kxk:pIeYKIQ7bz/cWC+Kk5kxk

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  9db8a006b682354624dd951da5975cf1dc4e5753e265309a556e589336dfd7fc
- Size
  
  87KB
- MD5
  
  4267c528adfa0b6277c0480a6b7a60e1
- SHA1
  
  1dd6afe98c775c1a2b6138007bf7694c6958f036
- SHA256
  
  9db8a006b682354624dd951da5975cf1dc4e5753e265309a556e589336dfd7fc
- SHA512
  
  d9333e128d0628d354823e66a66f821adae7c0cfe39f62d88c6994cbd085ee9168140afa5fd4bf6da346bff83557a1389e94db474cb392cb4103354917c02761
- SSDEEP
  
  1536:pIeeLv5AFE5fRQYSvzzmHiZcWgTP7+Kk5kxk:pIeYKIQ7bz/cWC+Kk5kxk
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2