84e54de4d770f20b7d04684d411b24ccc224ead4702c6e509a51b57298b4b088 | Triage

Sharing

General

Target

84e54de4d770f20b7d04684d411b24ccc224ead4702c6e509a51b57298b4b088
Size

73KB
Sample

221129-hclebsea25
MD5

7cfc70b6fd49de90f3627c7bba14ed42
SHA1

718ecb57c81b3e57b3126182698073313fe12cb0
SHA256

84e54de4d770f20b7d04684d411b24ccc224ead4702c6e509a51b57298b4b088
SHA512

c5eda127bab70d7aa58fbd62a9c582b5a0555f5dce24c699861fd1aba54df09f8b1053b1ddcf144cae02a40de651119d9d1accf06bc5cb38500d525ce6166e9a
SSDEEP

1536:+WHyzq+5hRpfv77I/t9Lc1m+d/UWekTwDU26XrBfFztLXmqBbgfh3:+a//Lc/UTVl6XrBnXmUCh3

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  84e54de4d770f20b7d04684d411b24ccc224ead4702c6e509a51b57298b4b088
- Size
  
  73KB
- MD5
  
  7cfc70b6fd49de90f3627c7bba14ed42
- SHA1
  
  718ecb57c81b3e57b3126182698073313fe12cb0
- SHA256
  
  84e54de4d770f20b7d04684d411b24ccc224ead4702c6e509a51b57298b4b088
- SHA512
  
  c5eda127bab70d7aa58fbd62a9c582b5a0555f5dce24c699861fd1aba54df09f8b1053b1ddcf144cae02a40de651119d9d1accf06bc5cb38500d525ce6166e9a
- SSDEEP
  
  1536:+WHyzq+5hRpfv77I/t9Lc1m+d/UWekTwDU26XrBfFztLXmqBbgfh3:+a//Lc/UTVl6XrBnXmUCh3
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2