fb220aa054951b1dc0f7984d668816a9bf04cf05d153c65613a927760db9edb7 | Triage

Sharing

General

Target

fb220aa054951b1dc0f7984d668816a9bf04cf05d153c65613a927760db9edb7
Size

213KB
Sample

221204-bfpgtsdb62
MD5

1be3512e2030086fc638204e73afa160
SHA1

c6e6c2259f5cc5349e0db4155434454e59d0f05e
SHA256

fb220aa054951b1dc0f7984d668816a9bf04cf05d153c65613a927760db9edb7
SHA512

a0e0553f6e936f617da1de61f70f3abe406ca5452174b27064c50a3cdca6070d874bcc1ff157c8a1f77f204fcd6577d5809edf814e316975c1c7b0e6f66105bd
SSDEEP

3072:Z59dDcVwmS4TQxHi8Synsc/Dop3AmSrrp69wiQHVED0/9WIt:ZJwSi+Sc/DWQXVAKVED0//

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  fb220aa054951b1dc0f7984d668816a9bf04cf05d153c65613a927760db9edb7
- Size
  
  213KB
- MD5
  
  1be3512e2030086fc638204e73afa160
- SHA1
  
  c6e6c2259f5cc5349e0db4155434454e59d0f05e
- SHA256
  
  fb220aa054951b1dc0f7984d668816a9bf04cf05d153c65613a927760db9edb7
- SHA512
  
  a0e0553f6e936f617da1de61f70f3abe406ca5452174b27064c50a3cdca6070d874bcc1ff157c8a1f77f204fcd6577d5809edf814e316975c1c7b0e6f66105bd
- SSDEEP
  
  3072:Z59dDcVwmS4TQxHi8Synsc/Dop3AmSrrp69wiQHVED0/9WIt:ZJwSi+Sc/DWQXVAKVED0//
Score

6^/10

persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2