8595064db1b871c99a35926a1861a8262b31e71da5d5251334103ab7739d56e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8595064db1b871c99a35926a1861a8262b31e71da5d5251334103ab7739d56e2
Size

82KB
Sample

221129-g9qvmsgg5x
MD5

90b94c88b708cddc8b956ccbb5a576c4
SHA1

4a6ff932616dab37112f74851e70269372a5a4f5
SHA256

8595064db1b871c99a35926a1861a8262b31e71da5d5251334103ab7739d56e2
SHA512

868407714e3e9cfb5dc6e2b0bcb1072b969a58304b153c75af164989866b3406a52dde4d67885aafd9747d92b00436dbe8e084a55a66774ccac10e7051147b3e
SSDEEP

768:+xF4OzBImMow7n7zMrjkX78YTqM7Mys8c4YVtpVoWb4mr9/lqy1gLa1Vf:xCMz7QrwXjTqLya4YnvLblr9/luLaL

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  8595064db1b871c99a35926a1861a8262b31e71da5d5251334103ab7739d56e2
- Size
  
  82KB
- MD5
  
  90b94c88b708cddc8b956ccbb5a576c4
- SHA1
  
  4a6ff932616dab37112f74851e70269372a5a4f5
- SHA256
  
  8595064db1b871c99a35926a1861a8262b31e71da5d5251334103ab7739d56e2
- SHA512
  
  868407714e3e9cfb5dc6e2b0bcb1072b969a58304b153c75af164989866b3406a52dde4d67885aafd9747d92b00436dbe8e084a55a66774ccac10e7051147b3e
- SSDEEP
  
  768:+xF4OzBImMow7n7zMrjkX78YTqM7Mys8c4YVtpVoWb4mr9/lqy1gLa1Vf:xCMz7QrwXjTqLya4YnvLblr9/luLaL
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2