b391d1f9953e735ec56da9d2999c266eed64df9f6f6fde19ac7764a9012d344d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b391d1f9953e735ec56da9d2999c266eed64df9f6f6fde19ac7764a9012d344d
Size

64KB
Sample

221130-2z255sgb3t
MD5

ca98a70ee8747d57d2656e076a9b25a0
SHA1

40537f36a60534d73bef256b1c6591e1662c892e
SHA256

b391d1f9953e735ec56da9d2999c266eed64df9f6f6fde19ac7764a9012d344d
SHA512

871c4b03df44e81db12a105a978901ca7c1a810a0d1f1d92c90a332a406eeb75788a7dcc6fa661aacce82e9d2cd3a01ec7998b411cdce3a91754c892e74e59e8
SSDEEP

1536:Sct1hjbGYrXZk8Nwccm99dnszALc+ynSeY:SYhjaYrJkwwccC0Gb

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b391d1f9953e735ec56da9d2999c266eed64df9f6f6fde19ac7764a9012d344d
- Size
  
  64KB
- MD5
  
  ca98a70ee8747d57d2656e076a9b25a0
- SHA1
  
  40537f36a60534d73bef256b1c6591e1662c892e
- SHA256
  
  b391d1f9953e735ec56da9d2999c266eed64df9f6f6fde19ac7764a9012d344d
- SHA512
  
  871c4b03df44e81db12a105a978901ca7c1a810a0d1f1d92c90a332a406eeb75788a7dcc6fa661aacce82e9d2cd3a01ec7998b411cdce3a91754c892e74e59e8
- SSDEEP
  
  1536:Sct1hjbGYrXZk8Nwccm99dnszALc+ynSeY:SYhjaYrJkwwccC0Gb
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2