79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2
Size

58KB
Sample

221201-dg3f7ahc57
MD5

8c015620a9bc79ec1aaf58b9edab47b2
SHA1

16084c80ff739fdbe112d518b3bd4871ef3f3200
SHA256

79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2
SHA512

11fb55a6d3c84e2c25e79202e6440a2d99e41e962677217de78205eef8a56252fdb3839d3de3ee81be22ace33931c422e603db6d88da9ff40052431b068b7eb5
SSDEEP

1536:Bxq97DG+Cc22uWlFZEqLQw0qzGFGjLJECfzT70TM0w2:Bxq9tCctBlQcQw5LiYwTM0w

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2
- Size
  
  58KB
- MD5
  
  8c015620a9bc79ec1aaf58b9edab47b2
- SHA1
  
  16084c80ff739fdbe112d518b3bd4871ef3f3200
- SHA256
  
  79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2
- SHA512
  
  11fb55a6d3c84e2c25e79202e6440a2d99e41e962677217de78205eef8a56252fdb3839d3de3ee81be22ace33931c422e603db6d88da9ff40052431b068b7eb5
- SSDEEP
  
  1536:Bxq97DG+Cc22uWlFZEqLQw0qzGFGjLJECfzT70TM0w2:Bxq9tCctBlQcQw5LiYwTM0w
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2