3dfda23af526f87ba4c39f8b0d875b741acf33dc37c76214b032702909a82013 | Triage

Sharing

General

Target

3dfda23af526f87ba4c39f8b0d875b741acf33dc37c76214b032702909a82013
Size

64KB
Sample

221202-aepkrsea88
MD5

85f4b6870834d414578ede3a42dfa61f
SHA1

ccc0f59b346fdc54f19392b262ac4535dad9b990
SHA256

3dfda23af526f87ba4c39f8b0d875b741acf33dc37c76214b032702909a82013
SHA512

f3eb2ea3436d6491621a43c1f2d16a161989fb5b063170e8b9d282e37d9bbfbb3e6431f454088977c986a04ef401a4c794dd92246ea63e79838494bae2b3c0b6
SSDEEP

1536:XdglbqT0oJAN904FLuoM0EOV+BZ22akK1SBQPvH2SKKXom/kD5x:XmM/4FLuolgBZ20KiQPv2ST/Q

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  3dfda23af526f87ba4c39f8b0d875b741acf33dc37c76214b032702909a82013
- Size
  
  64KB
- MD5
  
  85f4b6870834d414578ede3a42dfa61f
- SHA1
  
  ccc0f59b346fdc54f19392b262ac4535dad9b990
- SHA256
  
  3dfda23af526f87ba4c39f8b0d875b741acf33dc37c76214b032702909a82013
- SHA512
  
  f3eb2ea3436d6491621a43c1f2d16a161989fb5b063170e8b9d282e37d9bbfbb3e6431f454088977c986a04ef401a4c794dd92246ea63e79838494bae2b3c0b6
- SSDEEP
  
  1536:XdglbqT0oJAN904FLuoM0EOV+BZ22akK1SBQPvH2SKKXom/kD5x:XmM/4FLuolgBZ20KiQPv2ST/Q
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2