b6c3e43ab0cf970af604679672d046ee60c204a1a07b3e85c8b4dcbf6ad79151 | Triage

Sharing

General

Target

b6c3e43ab0cf970af604679672d046ee60c204a1a07b3e85c8b4dcbf6ad79151
Size

58KB
Sample

221202-w9qbface93
MD5

e38f108175876675f72b8038d8d9139b
SHA1

c43ff4def8c9bc3fbe983a47703c66733ea0e746
SHA256

b6c3e43ab0cf970af604679672d046ee60c204a1a07b3e85c8b4dcbf6ad79151
SHA512

f2d1baf7d63724d88b273c2444d679bf3efbb2ea732354f357dedf1199f26f51579ccaf1eafd2738f0342f9ccfc3d06ec004d0607c6d429d2fb340729e987914
SSDEEP

768:cHJ23AxD34Pzjia48fkB3XyrkN5qlMWs+M4qE0JugxQH+YqxmzSd:f0DU6xyrIomJDxnCtS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b6c3e43ab0cf970af604679672d046ee60c204a1a07b3e85c8b4dcbf6ad79151
- Size
  
  58KB
- MD5
  
  e38f108175876675f72b8038d8d9139b
- SHA1
  
  c43ff4def8c9bc3fbe983a47703c66733ea0e746
- SHA256
  
  b6c3e43ab0cf970af604679672d046ee60c204a1a07b3e85c8b4dcbf6ad79151
- SHA512
  
  f2d1baf7d63724d88b273c2444d679bf3efbb2ea732354f357dedf1199f26f51579ccaf1eafd2738f0342f9ccfc3d06ec004d0607c6d429d2fb340729e987914
- SSDEEP
  
  768:cHJ23AxD34Pzjia48fkB3XyrkN5qlMWs+M4qE0JugxQH+YqxmzSd:f0DU6xyrIomJDxnCtS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2