aaa36171dc2d828846efaa6dfe9baf1cb8b3685a15afbaa725c455c6189f1e67 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aaa36171dc2d828846efaa6dfe9baf1cb8b3685a15afbaa725c455c6189f1e67
Size

21KB
Sample

221201-yg58asec87
MD5

d2247e4013aadbffdf7459fd6e229114
SHA1

30b466152297653a8a58651cca7cbcba23195e9f
SHA256

aaa36171dc2d828846efaa6dfe9baf1cb8b3685a15afbaa725c455c6189f1e67
SHA512

eb9e62e5cb9229c44cd79d1471663855e7109883db08d035d74cb3bfc4ebecee70b5220799d2c15253843c6f883c7a5917f42301ccbd8162fac77f2fa9984a29
SSDEEP

384:X3hl3/UDX4yyYE0NksyOgOwCd7cLr+HXWqroWrUIzIv3wkHXSAdYmGurO26:hl3/UDX4yyY1DpwC1cLqGMdA3vUASmG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  aaa36171dc2d828846efaa6dfe9baf1cb8b3685a15afbaa725c455c6189f1e67
- Size
  
  21KB
- MD5
  
  d2247e4013aadbffdf7459fd6e229114
- SHA1
  
  30b466152297653a8a58651cca7cbcba23195e9f
- SHA256
  
  aaa36171dc2d828846efaa6dfe9baf1cb8b3685a15afbaa725c455c6189f1e67
- SHA512
  
  eb9e62e5cb9229c44cd79d1471663855e7109883db08d035d74cb3bfc4ebecee70b5220799d2c15253843c6f883c7a5917f42301ccbd8162fac77f2fa9984a29
- SSDEEP
  
  384:X3hl3/UDX4yyYE0NksyOgOwCd7cLr+HXWqroWrUIzIv3wkHXSAdYmGurO26:hl3/UDX4yyY1DpwC1cLqGMdA3vUASmG
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence