9713d6197c93d74e74ec8b4ab7a064af9977edc376fe3c0dfd54a57f9e01cec0 | Triage

Sharing

General

Target

9713d6197c93d74e74ec8b4ab7a064af9977edc376fe3c0dfd54a57f9e01cec0
Size

206KB
Sample

221202-z85xaaeh26
MD5

e197ebe7cf195c474fb9b5ca74dcc3e2
SHA1

1fc001d76228f22bd68e66a2c1e3c42ffde3d5ab
SHA256

9713d6197c93d74e74ec8b4ab7a064af9977edc376fe3c0dfd54a57f9e01cec0
SHA512

52daf207443bebee69b49199d338ac91e0cb7bb6b3f85b1ab1cf8371a8967255964d1f3cc9b4a0bbc20a2eed8f102a4097f5b25b751dfcb01c3559faa3e572d5
SSDEEP

3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unoy:zvEN2U+T6i5LirrllHy4HUcMQY6fy

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9713d6197c93d74e74ec8b4ab7a064af9977edc376fe3c0dfd54a57f9e01cec0
- Size
  
  206KB
- MD5
  
  e197ebe7cf195c474fb9b5ca74dcc3e2
- SHA1
  
  1fc001d76228f22bd68e66a2c1e3c42ffde3d5ab
- SHA256
  
  9713d6197c93d74e74ec8b4ab7a064af9977edc376fe3c0dfd54a57f9e01cec0
- SHA512
  
  52daf207443bebee69b49199d338ac91e0cb7bb6b3f85b1ab1cf8371a8967255964d1f3cc9b4a0bbc20a2eed8f102a4097f5b25b751dfcb01c3559faa3e572d5
- SSDEEP
  
  3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unoy:zvEN2U+T6i5LirrllHy4HUcMQY6fy
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence