612c97e4d9d929a094826d134e15e6cf3a00668cce434a9a70525f7ab09f240d | Triage

Sharing

General

Target

612c97e4d9d929a094826d134e15e6cf3a00668cce434a9a70525f7ab09f240d
Size

58KB
Sample

221201-3eygwsbg75
MD5

55ad67cae98bd2c03245b3ebe548036e
SHA1

87a191dd2a972cd95f9e8e01d9e9228c5a6087f1
SHA256

612c97e4d9d929a094826d134e15e6cf3a00668cce434a9a70525f7ab09f240d
SHA512

c0b6e0835992462a9ec45efa88327ad8e4fe22923c4aaf5b9c11fc108e7a77b170eef9315ddf1a37570e905b61ba56033a248317c7a04c293a2f18a7ed9fe36d
SSDEEP

1536:MndEVw7aXA/S8nACBuoZB5FfqGSnw8xiMFvKymlfJr:MndEiUA/S8CoZPovxip/lfJ

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  612c97e4d9d929a094826d134e15e6cf3a00668cce434a9a70525f7ab09f240d
- Size
  
  58KB
- MD5
  
  55ad67cae98bd2c03245b3ebe548036e
- SHA1
  
  87a191dd2a972cd95f9e8e01d9e9228c5a6087f1
- SHA256
  
  612c97e4d9d929a094826d134e15e6cf3a00668cce434a9a70525f7ab09f240d
- SHA512
  
  c0b6e0835992462a9ec45efa88327ad8e4fe22923c4aaf5b9c11fc108e7a77b170eef9315ddf1a37570e905b61ba56033a248317c7a04c293a2f18a7ed9fe36d
- SSDEEP
  
  1536:MndEVw7aXA/S8nACBuoZB5FfqGSnw8xiMFvKymlfJr:MndEiUA/S8CoZPovxip/lfJ
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2