58c6330e8b09bc56d61b485b1188637fc768cd682ebb2122e344014ee0c8e000 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58c6330e8b09bc56d61b485b1188637fc768cd682ebb2122e344014ee0c8e000
Size

136KB
Sample

221201-3nr2gacf26
MD5

90906729a3f633fe6f220b35fa0e31e4
SHA1

39e1c5cbeeeaa0160c4c28c42d87afd1aac8cee6
SHA256

58c6330e8b09bc56d61b485b1188637fc768cd682ebb2122e344014ee0c8e000
SHA512

d380e662dfa0ccce1d646386578f505141973a7def5a39f7923b5d1fbdab56b41740961efaef3f9d295e0343848692affb02e61b30c275ed219714e4ef9e6cc1
SSDEEP

3072:rXsGeonkxJ6hFNCeo1cQs4l+TthBZWrK/x:rdeonKJ6bNC5lKLWr

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  58c6330e8b09bc56d61b485b1188637fc768cd682ebb2122e344014ee0c8e000
- Size
  
  136KB
- MD5
  
  90906729a3f633fe6f220b35fa0e31e4
- SHA1
  
  39e1c5cbeeeaa0160c4c28c42d87afd1aac8cee6
- SHA256
  
  58c6330e8b09bc56d61b485b1188637fc768cd682ebb2122e344014ee0c8e000
- SHA512
  
  d380e662dfa0ccce1d646386578f505141973a7def5a39f7923b5d1fbdab56b41740961efaef3f9d295e0343848692affb02e61b30c275ed219714e4ef9e6cc1
- SSDEEP
  
  3072:rXsGeonkxJ6hFNCeo1cQs4l+TthBZWrK/x:rdeonKJ6bNC5lKLWr
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2