373f34dcfdd8b4ff2a9948b08a7f10535575f4c05423119dd05c354b5e2b8f7e | Triage

Sharing

General

Target

373f34dcfdd8b4ff2a9948b08a7f10535575f4c05423119dd05c354b5e2b8f7e
Size

58KB
Sample

221201-ge9dhaaa28
MD5

1e994e9030f8ed39de86d8231a43100c
SHA1

9f22e0ed6108a3664f5fcb40ba294ef073f02f2a
SHA256

373f34dcfdd8b4ff2a9948b08a7f10535575f4c05423119dd05c354b5e2b8f7e
SHA512

cf6fedf7a11022ea1319878969975df5a1fc3862b831f317cd37c9304cc4c36598c5e046a1040ee67d2bfd51c8057bf20b9ee6969a17c7c62a260a875b01b274
SSDEEP

1536:OnjQNQyQv+eQG0Fao67/uyH14Y5arB0k0+EHSnSnEXau:Onjr+eYu/uc4sMe3OXa

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  373f34dcfdd8b4ff2a9948b08a7f10535575f4c05423119dd05c354b5e2b8f7e
- Size
  
  58KB
- MD5
  
  1e994e9030f8ed39de86d8231a43100c
- SHA1
  
  9f22e0ed6108a3664f5fcb40ba294ef073f02f2a
- SHA256
  
  373f34dcfdd8b4ff2a9948b08a7f10535575f4c05423119dd05c354b5e2b8f7e
- SHA512
  
  cf6fedf7a11022ea1319878969975df5a1fc3862b831f317cd37c9304cc4c36598c5e046a1040ee67d2bfd51c8057bf20b9ee6969a17c7c62a260a875b01b274
- SSDEEP
  
  1536:OnjQNQyQv+eQG0Fao67/uyH14Y5arB0k0+EHSnSnEXau:Onjr+eYu/uc4sMe3OXa
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2