66c00e81f4f6ace82cec8891406f2c1ba7c0a7db106ec22dbfd35d782792f1da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66c00e81f4f6ace82cec8891406f2c1ba7c0a7db106ec22dbfd35d782792f1da
Size

368KB
Sample

221204-jccmvshb25
MD5

3b0dec9863e38ce0da591e4ced1fcbe0
SHA1

c6f4c48e92777ec7805f2cf3721482ac2efdee2b
SHA256

66c00e81f4f6ace82cec8891406f2c1ba7c0a7db106ec22dbfd35d782792f1da
SHA512

ac7995b97ce0473aff731767357dd4193f8f09214e31e73acaaefc45be97279cf16c7967d14b1bae082a2a6454f761080fb7813901798f3cc42376fdd2ba5d45
SSDEEP

3072:z6l775ajl6IoSGzQAdXaewV2dker1TWh1do7PWm+apnCBHUP8uiqJhu+caW24jGd:zgUjdMq/9er1KHdoyXeChpGpf7JD

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  66c00e81f4f6ace82cec8891406f2c1ba7c0a7db106ec22dbfd35d782792f1da
- Size
  
  368KB
- MD5
  
  3b0dec9863e38ce0da591e4ced1fcbe0
- SHA1
  
  c6f4c48e92777ec7805f2cf3721482ac2efdee2b
- SHA256
  
  66c00e81f4f6ace82cec8891406f2c1ba7c0a7db106ec22dbfd35d782792f1da
- SHA512
  
  ac7995b97ce0473aff731767357dd4193f8f09214e31e73acaaefc45be97279cf16c7967d14b1bae082a2a6454f761080fb7813901798f3cc42376fdd2ba5d45
- SSDEEP
  
  3072:z6l775ajl6IoSGzQAdXaewV2dker1TWh1do7PWm+apnCBHUP8uiqJhu+caW24jGd:zgUjdMq/9er1KHdoyXeChpGpf7JD
Score

8^/10

evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence