a52b3d6de13c19bc415282ea6084984720bf453a7b7347185f49e66946ddff4b | Triage

Sharing

General

Target

a52b3d6de13c19bc415282ea6084984720bf453a7b7347185f49e66946ddff4b
Size

69KB
Sample

221129-ej8lnagd3y
MD5

d8ff54c058c80f42c262124e0ad582a9
SHA1

186c44abfeac9dbc7131ee6294168634b59c7a8d
SHA256

a52b3d6de13c19bc415282ea6084984720bf453a7b7347185f49e66946ddff4b
SHA512

8e4ad620b4e26f8955a03b0751b378b1b966359c63f0cdc9380dfff0587f0275584248242600fa3a5e5faae1ea41e88a2b792291cfc539e7de9c10a1e3a3a8b2
SSDEEP

1536:OYEiFMLao04I0QoWQII3dRlObu8x7Q5I/R:XEiFvo04jQuP3ROK8xQ5Ip

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a52b3d6de13c19bc415282ea6084984720bf453a7b7347185f49e66946ddff4b
- Size
  
  69KB
- MD5
  
  d8ff54c058c80f42c262124e0ad582a9
- SHA1
  
  186c44abfeac9dbc7131ee6294168634b59c7a8d
- SHA256
  
  a52b3d6de13c19bc415282ea6084984720bf453a7b7347185f49e66946ddff4b
- SHA512
  
  8e4ad620b4e26f8955a03b0751b378b1b966359c63f0cdc9380dfff0587f0275584248242600fa3a5e5faae1ea41e88a2b792291cfc539e7de9c10a1e3a3a8b2
- SSDEEP
  
  1536:OYEiFMLao04I0QoWQII3dRlObu8x7Q5I/R:XEiFvo04jQuP3ROK8xQ5Ip
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2