7269fa8099ad81f6e79673537a8a0e48555ce0dc8ee74a6007540249989180c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7269fa8099ad81f6e79673537a8a0e48555ce0dc8ee74a6007540249989180c5
Size

96KB
Sample

221129-qm9tnscg66
MD5

54f4ba7b51ea0d91f4eea6422e7470bf
SHA1

08645d94fcbb5f2570022f05551e8da2cab054d4
SHA256

7269fa8099ad81f6e79673537a8a0e48555ce0dc8ee74a6007540249989180c5
SHA512

10e434623f9e4eba38bac58efabe3e9c041a3628191733a081543731b037b9a8c6559a5205276ec520accc9dc7c850e8d2a998d4c8ec095e057e63181de3dd4a
SSDEEP

1536:PiFMjbhnanpbEZWHCGXXLSXXXXXXXXXXXXXXXXXXXX4XXXXXXXXXXXXS2yto4+Gu:PiFYbMpb5HCGXXLSXXXXXXXXXXXXXXX3

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  7269fa8099ad81f6e79673537a8a0e48555ce0dc8ee74a6007540249989180c5
- Size
  
  96KB
- MD5
  
  54f4ba7b51ea0d91f4eea6422e7470bf
- SHA1
  
  08645d94fcbb5f2570022f05551e8da2cab054d4
- SHA256
  
  7269fa8099ad81f6e79673537a8a0e48555ce0dc8ee74a6007540249989180c5
- SHA512
  
  10e434623f9e4eba38bac58efabe3e9c041a3628191733a081543731b037b9a8c6559a5205276ec520accc9dc7c850e8d2a998d4c8ec095e057e63181de3dd4a
- SSDEEP
  
  1536:PiFMjbhnanpbEZWHCGXXLSXXXXXXXXXXXXXXXXXXXX4XXXXXXXXXXXXS2yto4+Gu:PiFYbMpb5HCGXXLSXXXXXXXXXXXXXXX3
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2