b589714421a06f4639c5abbf7be3fcb1d1251bd82e669c9a252b9a7bbe3ad8fd | Triage

Sharing

General

Target

b589714421a06f4639c5abbf7be3fcb1d1251bd82e669c9a252b9a7bbe3ad8fd
Size

101KB
Sample

221201-xq22kabe27
MD5

c6b1c1d86809801a3f8003538861d5b4
SHA1

9b518f14587b3a1489d57b761ad5af7200567310
SHA256

b589714421a06f4639c5abbf7be3fcb1d1251bd82e669c9a252b9a7bbe3ad8fd
SHA512

22ab21722e076c66999f5896bdefac78606e8928132e6b595565747eb9595b65fce8f1597e64c1c5b3cf8f08c509a8b6e5ba1106fbb9c33346add6e54cee4e62
SSDEEP

1536:cDti6KZiKx8La8wenOadt+xButh6GEbDNZRAfC0TOA:cDti6GisPQO1bwEbXRMCA

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b589714421a06f4639c5abbf7be3fcb1d1251bd82e669c9a252b9a7bbe3ad8fd
- Size
  
  101KB
- MD5
  
  c6b1c1d86809801a3f8003538861d5b4
- SHA1
  
  9b518f14587b3a1489d57b761ad5af7200567310
- SHA256
  
  b589714421a06f4639c5abbf7be3fcb1d1251bd82e669c9a252b9a7bbe3ad8fd
- SHA512
  
  22ab21722e076c66999f5896bdefac78606e8928132e6b595565747eb9595b65fce8f1597e64c1c5b3cf8f08c509a8b6e5ba1106fbb9c33346add6e54cee4e62
- SSDEEP
  
  1536:cDti6KZiKx8La8wenOadt+xButh6GEbDNZRAfC0TOA:cDti6GisPQO1bwEbXRMCA
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2