99bcf25d62057029d646c0299efc913a8b2786f9d247d1a1a4ca024f54f0cd00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99bcf25d62057029d646c0299efc913a8b2786f9d247d1a1a4ca024f54f0cd00
Size

206KB
Sample

221204-kz9fsahg7s
MD5

d618fa4b9567c05ac460a23520e49722
SHA1

9d424377f92f849f3fa2479978d215835de391f3
SHA256

99bcf25d62057029d646c0299efc913a8b2786f9d247d1a1a4ca024f54f0cd00
SHA512

80cc2be1e9390f482a69ce8b3b9ddc0a581c72e9fa58d0ccc5e8b5aa268c7fa13993de82605fce42949bce70fa94065803177453fa6f102d2ca9140a4844e97e
SSDEEP

3072:bbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAH:bbl5RKgOGqml80FrgTRHGvJI08iYF

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  99bcf25d62057029d646c0299efc913a8b2786f9d247d1a1a4ca024f54f0cd00
- Size
  
  206KB
- MD5
  
  d618fa4b9567c05ac460a23520e49722
- SHA1
  
  9d424377f92f849f3fa2479978d215835de391f3
- SHA256
  
  99bcf25d62057029d646c0299efc913a8b2786f9d247d1a1a4ca024f54f0cd00
- SHA512
  
  80cc2be1e9390f482a69ce8b3b9ddc0a581c72e9fa58d0ccc5e8b5aa268c7fa13993de82605fce42949bce70fa94065803177453fa6f102d2ca9140a4844e97e
- SSDEEP
  
  3072:bbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAH:bbl5RKgOGqml80FrgTRHGvJI08iYF
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence