af0597b3d2659d1fbea8a4b875e3e2e3f7d09cd8c60b71dbf2c68c7fcfb8ae0a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af0597b3d2659d1fbea8a4b875e3e2e3f7d09cd8c60b71dbf2c68c7fcfb8ae0a
Size

1.2MB
Sample

221203-aphj7scd3w
MD5

f20b7ac21715496df299568eb0a08165
SHA1

44dea13e2da6256757f19cfd5f3029630ed742bd
SHA256

af0597b3d2659d1fbea8a4b875e3e2e3f7d09cd8c60b71dbf2c68c7fcfb8ae0a
SHA512

b0044ac0a97b20c941d685e425feb499fe63a17160bf30858aecdad9da280d7fe1a06f8c715ebb0299f0f02b464eba14c3ab2ee7b7a06f46e146990d483e3cb4
SSDEEP

12288:9X/eOyaiqOHdyELQDEI04EAihYHfXnc3pW0MIVABer:9X/eO4qxELQpYic3pW0P6Ber

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  af0597b3d2659d1fbea8a4b875e3e2e3f7d09cd8c60b71dbf2c68c7fcfb8ae0a
- Size
  
  1.2MB
- MD5
  
  f20b7ac21715496df299568eb0a08165
- SHA1
  
  44dea13e2da6256757f19cfd5f3029630ed742bd
- SHA256
  
  af0597b3d2659d1fbea8a4b875e3e2e3f7d09cd8c60b71dbf2c68c7fcfb8ae0a
- SHA512
  
  b0044ac0a97b20c941d685e425feb499fe63a17160bf30858aecdad9da280d7fe1a06f8c715ebb0299f0f02b464eba14c3ab2ee7b7a06f46e146990d483e3cb4
- SSDEEP
  
  12288:9X/eOyaiqOHdyELQDEI04EAihYHfXnc3pW0MIVABer:9X/eO4qxELQpYic3pW0P6Ber
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2