7d75b7874ebda81709fd06aade4c25a94edb785f7f396102d4a35deb895f8fab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d75b7874ebda81709fd06aade4c25a94edb785f7f396102d4a35deb895f8fab
Size

245KB
Sample

221201-c4at1sbe3t
MD5

138cec51bd5fef0a31f6a0d7a5e677b9
SHA1

d0aab7e3950018cd5f3f176db5b381d25adbe164
SHA256

7d75b7874ebda81709fd06aade4c25a94edb785f7f396102d4a35deb895f8fab
SHA512

14bf0c78eab7a98b7d7fad39f49097ecce325e62d3b0d1e47e0296e742c348c67091d93cb063276da751b382b6f72496a5fb874a5ebac6f37103ed3d4fbce492
SSDEEP

6144:mMWHbRh4N04G+U2cnJLaWVKhxQd91ShzXakv0h:zu4G4GlJLJKnw91SlXW

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  7d75b7874ebda81709fd06aade4c25a94edb785f7f396102d4a35deb895f8fab
- Size
  
  245KB
- MD5
  
  138cec51bd5fef0a31f6a0d7a5e677b9
- SHA1
  
  d0aab7e3950018cd5f3f176db5b381d25adbe164
- SHA256
  
  7d75b7874ebda81709fd06aade4c25a94edb785f7f396102d4a35deb895f8fab
- SHA512
  
  14bf0c78eab7a98b7d7fad39f49097ecce325e62d3b0d1e47e0296e742c348c67091d93cb063276da751b382b6f72496a5fb874a5ebac6f37103ed3d4fbce492
- SSDEEP
  
  6144:mMWHbRh4N04G+U2cnJLaWVKhxQd91ShzXakv0h:zu4G4GlJLJKnw91SlXW
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence