5a8f482899c2d41a44581b510027486819aeee64cb00216fec45382d831ce25a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a8f482899c2d41a44581b510027486819aeee64cb00216fec45382d831ce25a
Size

63KB
Sample

221201-3l949scd79
MD5

cf39e701c001550cd29aecce9b003fc9
SHA1

04db2207181ae9e5362cfe99a76b7e11c3bdfa4d
SHA256

5a8f482899c2d41a44581b510027486819aeee64cb00216fec45382d831ce25a
SHA512

0c422a9a146bc352d2c22dc73ed7dfd3601e50f640eb23f767d9875eac0f09bd93cf25577d11b56cd7e96bb8a4cdbbe53e817c98663ad40f69314897c71eff43
SSDEEP

768:4KPGlWqbiy0e0MhZ54JDT10HrJj0R19R28xdoa7FHVjYPqm0cdZUoZTlFJFsN1mm:QNGy0ahZ54cHrJjWz28xdFuTUNaZj

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5a8f482899c2d41a44581b510027486819aeee64cb00216fec45382d831ce25a
- Size
  
  63KB
- MD5
  
  cf39e701c001550cd29aecce9b003fc9
- SHA1
  
  04db2207181ae9e5362cfe99a76b7e11c3bdfa4d
- SHA256
  
  5a8f482899c2d41a44581b510027486819aeee64cb00216fec45382d831ce25a
- SHA512
  
  0c422a9a146bc352d2c22dc73ed7dfd3601e50f640eb23f767d9875eac0f09bd93cf25577d11b56cd7e96bb8a4cdbbe53e817c98663ad40f69314897c71eff43
- SSDEEP
  
  768:4KPGlWqbiy0e0MhZ54JDT10HrJj0R19R28xdoa7FHVjYPqm0cdZUoZTlFJFsN1mm:QNGy0ahZ54cHrJjWz28xdFuTUNaZj
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2