6ce9f1ab2337f9a97f3849b6ea60a25d25700b6f5fa4e276bb429dff8daf4216 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ce9f1ab2337f9a97f3849b6ea60a25d25700b6f5fa4e276bb429dff8daf4216
Size

68KB
Sample

221203-k3d42sda51
MD5

01ead282b9a381c1ad65f902eda03600
SHA1

40af08bb883d1b62bc9a052c2f75efd622ce5ac6
SHA256

6ce9f1ab2337f9a97f3849b6ea60a25d25700b6f5fa4e276bb429dff8daf4216
SHA512

fb4fe49f613386978e2db3ff91f8883438c677083fc19c73507697301e1d95b64bb2d5e2566a3529415a59819bb5e0bc354453d9a4932fe52bf2445ddcb15b66
SSDEEP

1536:KB5z9Q8WeIFx0fIeFq4mRYT9seAYXqnOs/pn/CQiid9MJ7CHqcu:KB53In0AG0TfYMqQB9UzZ

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  6ce9f1ab2337f9a97f3849b6ea60a25d25700b6f5fa4e276bb429dff8daf4216
- Size
  
  68KB
- MD5
  
  01ead282b9a381c1ad65f902eda03600
- SHA1
  
  40af08bb883d1b62bc9a052c2f75efd622ce5ac6
- SHA256
  
  6ce9f1ab2337f9a97f3849b6ea60a25d25700b6f5fa4e276bb429dff8daf4216
- SHA512
  
  fb4fe49f613386978e2db3ff91f8883438c677083fc19c73507697301e1d95b64bb2d5e2566a3529415a59819bb5e0bc354453d9a4932fe52bf2445ddcb15b66
- SSDEEP
  
  1536:KB5z9Q8WeIFx0fIeFq4mRYT9seAYXqnOs/pn/CQiid9MJ7CHqcu:KB53In0AG0TfYMqQB9UzZ
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2