6478ec5b4b5167d98e433b4128d8a3683344d3538fa959f7b56c9b72ddbe478f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6478ec5b4b5167d98e433b4128d8a3683344d3538fa959f7b56c9b72ddbe478f
Size

64KB
Sample

221202-yssfksdd8z
MD5

df366b4e3b14983b61172fab9e24b89d
SHA1

256dec42c97f5c14e9b7a06525781a4b64ff2472
SHA256

6478ec5b4b5167d98e433b4128d8a3683344d3538fa959f7b56c9b72ddbe478f
SHA512

0f185e2f4f67bb24dbaffb6c29fa95a186ce9be46e7343c5b31de5fab55c7fab4b4346e3df1c8a26fb5120fc98ba51f7e918f6be01081e92ce441387bd037acb
SSDEEP

1536:Na0txjbILsVWxVIeSE8iGMI2yKQGf99HjI:M2xj7aQ70t

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  6478ec5b4b5167d98e433b4128d8a3683344d3538fa959f7b56c9b72ddbe478f
- Size
  
  64KB
- MD5
  
  df366b4e3b14983b61172fab9e24b89d
- SHA1
  
  256dec42c97f5c14e9b7a06525781a4b64ff2472
- SHA256
  
  6478ec5b4b5167d98e433b4128d8a3683344d3538fa959f7b56c9b72ddbe478f
- SHA512
  
  0f185e2f4f67bb24dbaffb6c29fa95a186ce9be46e7343c5b31de5fab55c7fab4b4346e3df1c8a26fb5120fc98ba51f7e918f6be01081e92ce441387bd037acb
- SSDEEP
  
  1536:Na0txjbILsVWxVIeSE8iGMI2yKQGf99HjI:M2xj7aQ70t
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2