122912df3753f727ea6d001465dfaa0c688b6113c0e67e3631c51961f8fae26d | Triage

Sharing

General

Target

122912df3753f727ea6d001465dfaa0c688b6113c0e67e3631c51961f8fae26d
Size

41KB
Sample

221201-j9wr1aad48
MD5

34d3ea911d097fb6c8982583fc5f4390
SHA1

3e4203bd2553f33f77b8041f619bc1afe24e8a00
SHA256

122912df3753f727ea6d001465dfaa0c688b6113c0e67e3631c51961f8fae26d
SHA512

1f1fab8a66ed2ae086daffe21e57de868ec102c9a00be9babcf11e23ae8a7c9076169b9cc5fe49ab9a654384bc814e03c5af8fd7e5eab83651e83a5f9d2f43c4
SSDEEP

768:PTAm5hiTllzeF/AJOTmbWa8RYdiU3/7Shy5nv9/Kzh9P0b:PLIcNTcWATPuhI9Czh50b

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  122912df3753f727ea6d001465dfaa0c688b6113c0e67e3631c51961f8fae26d
- Size
  
  41KB
- MD5
  
  34d3ea911d097fb6c8982583fc5f4390
- SHA1
  
  3e4203bd2553f33f77b8041f619bc1afe24e8a00
- SHA256
  
  122912df3753f727ea6d001465dfaa0c688b6113c0e67e3631c51961f8fae26d
- SHA512
  
  1f1fab8a66ed2ae086daffe21e57de868ec102c9a00be9babcf11e23ae8a7c9076169b9cc5fe49ab9a654384bc814e03c5af8fd7e5eab83651e83a5f9d2f43c4
- SSDEEP
  
  768:PTAm5hiTllzeF/AJOTmbWa8RYdiU3/7Shy5nv9/Kzh9P0b:PLIcNTcWATPuhI9Czh50b
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence