c78bb81ccd2d4faa4572e74960952854fa06f7e934aa3a966937a018fbc88a21 | Triage

Sharing

General

Target

c78bb81ccd2d4faa4572e74960952854fa06f7e934aa3a966937a018fbc88a21
Size

140KB
Sample

221204-l423yahd68
MD5

c4fc57f44b8fffd09f4886ef10b25b47
SHA1

b782f6fb6422ef51e4f853908e59686e8aa18827
SHA256

c78bb81ccd2d4faa4572e74960952854fa06f7e934aa3a966937a018fbc88a21
SHA512

3bdb47060e4bd9cc9c18fddc28f4f8ac3b40444ed55f73d00741ecdf6a1ff241166fe4ff2f59c721d8ce3434529c56ade66a2260d689cd89cdb941b7b170a944
SSDEEP

3072:GfWeOCUfINP/3lbFZBF2uJJoTzwnPTdBEX58z22pveQouvwttK:Gi5INn3lbFZCuaQsp8z22YQouvwtt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c78bb81ccd2d4faa4572e74960952854fa06f7e934aa3a966937a018fbc88a21
- Size
  
  140KB
- MD5
  
  c4fc57f44b8fffd09f4886ef10b25b47
- SHA1
  
  b782f6fb6422ef51e4f853908e59686e8aa18827
- SHA256
  
  c78bb81ccd2d4faa4572e74960952854fa06f7e934aa3a966937a018fbc88a21
- SHA512
  
  3bdb47060e4bd9cc9c18fddc28f4f8ac3b40444ed55f73d00741ecdf6a1ff241166fe4ff2f59c721d8ce3434529c56ade66a2260d689cd89cdb941b7b170a944
- SSDEEP
  
  3072:GfWeOCUfINP/3lbFZBF2uJJoTzwnPTdBEX58z22pveQouvwttK:Gi5INn3lbFZCuaQsp8z22YQouvwtt
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2