ef8efc67da5837d7083a21aca4976e4746643abfebbf2e9ab95f98dfed1e66b6 | Triage

Sharing

General

Target

ef8efc67da5837d7083a21aca4976e4746643abfebbf2e9ab95f98dfed1e66b6
Size

160KB
Sample

221204-btlcbsec72
MD5

0a46d65f51a00a684468d83fe55f5880
SHA1

f8ffb8ed9d550d255dbb7ed159a9658b7fa2b4cf
SHA256

ef8efc67da5837d7083a21aca4976e4746643abfebbf2e9ab95f98dfed1e66b6
SHA512

123d111a1c84e051c6a4679f9c16144b67185c181748182f9fc9333464c1b65275dd85d0dad0472332b4149a9d5e8151883db33e7eda5d9ccb7b51bac35d1d3f
SSDEEP

3072:DGyeT/ma/TMc1zwLvS+hYZ4z1sxtbjIUWnoRz:DG7T+Qwc1zPZ4zytbL

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ef8efc67da5837d7083a21aca4976e4746643abfebbf2e9ab95f98dfed1e66b6
- Size
  
  160KB
- MD5
  
  0a46d65f51a00a684468d83fe55f5880
- SHA1
  
  f8ffb8ed9d550d255dbb7ed159a9658b7fa2b4cf
- SHA256
  
  ef8efc67da5837d7083a21aca4976e4746643abfebbf2e9ab95f98dfed1e66b6
- SHA512
  
  123d111a1c84e051c6a4679f9c16144b67185c181748182f9fc9333464c1b65275dd85d0dad0472332b4149a9d5e8151883db33e7eda5d9ccb7b51bac35d1d3f
- SSDEEP
  
  3072:DGyeT/ma/TMc1zwLvS+hYZ4z1sxtbjIUWnoRz:DG7T+Qwc1zPZ4zytbL
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2