b18a8c930ab096bf0f84695d80680291600c1cc68d29e5f901d84b94681ca04d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b18a8c930ab096bf0f84695d80680291600c1cc68d29e5f901d84b94681ca04d
Size

335KB
Sample

221203-h2mzfshh4v
MD5

d65007f94e4c275334a5112dbc9ed2a8
SHA1

5c43d30548a059cf588bed04d1701a956600d0ef
SHA256

b18a8c930ab096bf0f84695d80680291600c1cc68d29e5f901d84b94681ca04d
SHA512

f9809280bdfdc3c5fd724011644951097a4b2837a5b0b3b97c2e31c046b0fafb20d5b68ac67be6a16b32b04879ef094b8f5b21bd0762d019cb1d0ca4de28b514
SSDEEP

6144:5DTkT+bYTdPpcjNE4IitaE5XGUSa2Ux4S+RFWKvk6f:CT5TDc64IitaF5arik

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b18a8c930ab096bf0f84695d80680291600c1cc68d29e5f901d84b94681ca04d
- Size
  
  335KB
- MD5
  
  d65007f94e4c275334a5112dbc9ed2a8
- SHA1
  
  5c43d30548a059cf588bed04d1701a956600d0ef
- SHA256
  
  b18a8c930ab096bf0f84695d80680291600c1cc68d29e5f901d84b94681ca04d
- SHA512
  
  f9809280bdfdc3c5fd724011644951097a4b2837a5b0b3b97c2e31c046b0fafb20d5b68ac67be6a16b32b04879ef094b8f5b21bd0762d019cb1d0ca4de28b514
- SSDEEP
  
  6144:5DTkT+bYTdPpcjNE4IitaE5XGUSa2Ux4S+RFWKvk6f:CT5TDc64IitaF5arik
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2