e1541a4a533a1ba9016c30a72efaa5b56809a791fbe3fb17a56aac6dd04c5dda | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1541a4a533a1ba9016c30a72efaa5b56809a791fbe3fb17a56aac6dd04c5dda
Size

54KB
Sample

221201-ryq2dacb5y
MD5

bcc7f24961ed6a56d5aabc6c014b4f2d
SHA1

053235bdd58338b7b49d3708bccbaa194cee2dd3
SHA256

e1541a4a533a1ba9016c30a72efaa5b56809a791fbe3fb17a56aac6dd04c5dda
SHA512

e846945873696d86bd1a1da10d62cb590a6f1961593a702eec8b5ac3cad79bcbb3d8d8b34fc39ead73f3717905775d62350f4a7c40a9f43c2e59ba69dceeb84f
SSDEEP

1536:SGyj1zFEesEKqfcWR7hFrH+BS+dgUUD/r1m:SzjEeoIBbrpcxUFm

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  e1541a4a533a1ba9016c30a72efaa5b56809a791fbe3fb17a56aac6dd04c5dda
- Size
  
  54KB
- MD5
  
  bcc7f24961ed6a56d5aabc6c014b4f2d
- SHA1
  
  053235bdd58338b7b49d3708bccbaa194cee2dd3
- SHA256
  
  e1541a4a533a1ba9016c30a72efaa5b56809a791fbe3fb17a56aac6dd04c5dda
- SHA512
  
  e846945873696d86bd1a1da10d62cb590a6f1961593a702eec8b5ac3cad79bcbb3d8d8b34fc39ead73f3717905775d62350f4a7c40a9f43c2e59ba69dceeb84f
- SSDEEP
  
  1536:SGyj1zFEesEKqfcWR7hFrH+BS+dgUUD/r1m:SzjEeoIBbrpcxUFm
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2