efdc2582d26e5e452c01bb2b7561ec760176f49f7d17a31bee41480af9933ddb | Triage

Sharing

General

Target

efdc2582d26e5e452c01bb2b7561ec760176f49f7d17a31bee41480af9933ddb
Size

109KB
Sample

221204-ahhxdshh22
MD5

9278081fc31fcc3ed7fe73d3017e356d
SHA1

50c5987b0ba5304d0168f9ca7af5ddf383966b3b
SHA256

efdc2582d26e5e452c01bb2b7561ec760176f49f7d17a31bee41480af9933ddb
SHA512

076f40ed7a53bcec0df5f9cfaabf3f2a1394ed947835cd0a60c71ee3961aa700bf3d8d6b0272bdc985f62b36eaf38659efcb822e833bb4df5d032fe4ad110a44
SSDEEP

1536:CSVVNlLaF/buyVfsR1W5dou71Qx2aUUQk4oWl:HVNEF/bF9sLW5dou7ex2aUdzow

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  efdc2582d26e5e452c01bb2b7561ec760176f49f7d17a31bee41480af9933ddb
- Size
  
  109KB
- MD5
  
  9278081fc31fcc3ed7fe73d3017e356d
- SHA1
  
  50c5987b0ba5304d0168f9ca7af5ddf383966b3b
- SHA256
  
  efdc2582d26e5e452c01bb2b7561ec760176f49f7d17a31bee41480af9933ddb
- SHA512
  
  076f40ed7a53bcec0df5f9cfaabf3f2a1394ed947835cd0a60c71ee3961aa700bf3d8d6b0272bdc985f62b36eaf38659efcb822e833bb4df5d032fe4ad110a44
- SSDEEP
  
  1536:CSVVNlLaF/buyVfsR1W5dou71Qx2aUUQk4oWl:HVNEF/bF9sLW5dou7ex2aUdzow
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2