8cc1a23725735f328834763c9884a015f7a0c0a7a887b0b0fcf660b638f92182 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8cc1a23725735f328834763c9884a015f7a0c0a7a887b0b0fcf660b638f92182
Size

83KB
Sample

221129-gertfseb6t
MD5

e3399966a1670483f5cf8f9b3aa614e4
SHA1

52e33835e7b70838eaa77fa779b4b1f8c29028df
SHA256

8cc1a23725735f328834763c9884a015f7a0c0a7a887b0b0fcf660b638f92182
SHA512

4e08cf65d91a1af5afc3eb898a8648c1063afe5325cad5834525500f44419766b68ef641b29cad336699fa0c0cb75ea9106340b456f6b3b38c6eb1e208a66b24
SSDEEP

1536:luACsyyYIyg0tWq/YtjTjIWr/qu9f6fd9u7GH9R14tc5F9WkmLUky/DEqHN:Ss0dWyYtfZ/vfaPdR14t+F9W0DEqHN

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  8cc1a23725735f328834763c9884a015f7a0c0a7a887b0b0fcf660b638f92182
- Size
  
  83KB
- MD5
  
  e3399966a1670483f5cf8f9b3aa614e4
- SHA1
  
  52e33835e7b70838eaa77fa779b4b1f8c29028df
- SHA256
  
  8cc1a23725735f328834763c9884a015f7a0c0a7a887b0b0fcf660b638f92182
- SHA512
  
  4e08cf65d91a1af5afc3eb898a8648c1063afe5325cad5834525500f44419766b68ef641b29cad336699fa0c0cb75ea9106340b456f6b3b38c6eb1e208a66b24
- SSDEEP
  
  1536:luACsyyYIyg0tWq/YtjTjIWr/qu9f6fd9u7GH9R14tc5F9WkmLUky/DEqHN:Ss0dWyYtfZ/vfaPdR14t+F9W0DEqHN
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2