a9c88f6fbec89f907a4828c2910539b88bacb3ecd3e8d9f98c46b8692a637723 | Triage

Sharing

General

Target

a9c88f6fbec89f907a4828c2910539b88bacb3ecd3e8d9f98c46b8692a637723
Size

4.1MB
Sample

221204-gjwyzabg94
MD5

d00fcb37d3d87aecd2eabd04e6ec136a
SHA1

a810c3fefa8abd922f2c53b8a59b98137f82a6c0
SHA256

a9c88f6fbec89f907a4828c2910539b88bacb3ecd3e8d9f98c46b8692a637723
SHA512

4a096bb00c6a16d92a05f9d954e45b2783cbd3548a7929210196db5edbbc236c0b708aba49dd032aee4c8600fce89ba86a0e4960554ca999abe7f7dd4236f008
SSDEEP

98304:dMPL6QZVA6VAClkYt2V9tNm8xQ+FwTn+zBBnc2TTAZY:deLlZ+6VftEVzwT+VBnccT1

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a9c88f6fbec89f907a4828c2910539b88bacb3ecd3e8d9f98c46b8692a637723
- Size
  
  4.1MB
- MD5
  
  d00fcb37d3d87aecd2eabd04e6ec136a
- SHA1
  
  a810c3fefa8abd922f2c53b8a59b98137f82a6c0
- SHA256
  
  a9c88f6fbec89f907a4828c2910539b88bacb3ecd3e8d9f98c46b8692a637723
- SHA512
  
  4a096bb00c6a16d92a05f9d954e45b2783cbd3548a7929210196db5edbbc236c0b708aba49dd032aee4c8600fce89ba86a0e4960554ca999abe7f7dd4236f008
- SSDEEP
  
  98304:dMPL6QZVA6VAClkYt2V9tNm8xQ+FwTn+zBBnc2TTAZY:deLlZ+6VftEVzwT+VBnccT1
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2