aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25
Size

293KB
Sample

221130-3bsr8shc7z
MD5

1c827b23f806d56d6d50b214b249a3be
SHA1

a04087fc07fe2398e9fdb5c4473d3c8fd9e0a567
SHA256

aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25
SHA512

1dd34c8203c1c8d3acdde0e36ccea78b8b8cf2948d30a705d55db7eae208166e63741dd9e55dde0ef3c08be230d04046dd27dffdcd6cc49101bcc4e6dddbad9c
SSDEEP

6144:gNwYOYeJpZ15X/wVaTM86j0XaFGLcNYvE26SMM6glM9cOeWbOmEx:cOYeJ/cETYj0XasINjhKMnJ

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25
- Size
  
  293KB
- MD5
  
  1c827b23f806d56d6d50b214b249a3be
- SHA1
  
  a04087fc07fe2398e9fdb5c4473d3c8fd9e0a567
- SHA256
  
  aef9a06f43b8b9edb3ff3be008a6d55104014194891ecc2b8c65c8e037275e25
- SHA512
  
  1dd34c8203c1c8d3acdde0e36ccea78b8b8cf2948d30a705d55db7eae208166e63741dd9e55dde0ef3c08be230d04046dd27dffdcd6cc49101bcc4e6dddbad9c
- SSDEEP
  
  6144:gNwYOYeJpZ15X/wVaTM86j0XaFGLcNYvE26SMM6glM9cOeWbOmEx:cOYeJ/cETYj0XasINjhKMnJ
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence