71767ffef6288085533b84a340850bf1d1f4e3fcc7497641991f593e95c26870 | Triage

Sharing

General

Target

71767ffef6288085533b84a340850bf1d1f4e3fcc7497641991f593e95c26870
Size

74KB
Sample

221129-gs34msfd6z
MD5

04c3aba7db7e8a132ec4282258fe3690
SHA1

82a9dfaeb8ff49616e786a65a5c5cf9e46bfb4ef
SHA256

71767ffef6288085533b84a340850bf1d1f4e3fcc7497641991f593e95c26870
SHA512

2ed490a57be125d33b2694eada7d0dbf8bbe4352ff940235047ee5fffcaf70cc4dd1a1bd35ac0d1bf76bd839998abf5147ec1b910f8a1b95bac55261c7c9e9fa
SSDEEP

1536:AJiiNJ/EgCSAqtl/+RSBl9b74VHiv3rBCaY0u:AJiOcg9AqtCSBf34gv3rBCaK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  71767ffef6288085533b84a340850bf1d1f4e3fcc7497641991f593e95c26870
- Size
  
  74KB
- MD5
  
  04c3aba7db7e8a132ec4282258fe3690
- SHA1
  
  82a9dfaeb8ff49616e786a65a5c5cf9e46bfb4ef
- SHA256
  
  71767ffef6288085533b84a340850bf1d1f4e3fcc7497641991f593e95c26870
- SHA512
  
  2ed490a57be125d33b2694eada7d0dbf8bbe4352ff940235047ee5fffcaf70cc4dd1a1bd35ac0d1bf76bd839998abf5147ec1b910f8a1b95bac55261c7c9e9fa
- SSDEEP
  
  1536:AJiiNJ/EgCSAqtl/+RSBl9b74VHiv3rBCaY0u:AJiOcg9AqtCSBf34gv3rBCaK
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence