eb9d39d567c2dd46bcb169b332cbba9245bef228562fefe69b432afc2f74828d | Triage

Sharing

General

Target

eb9d39d567c2dd46bcb169b332cbba9245bef228562fefe69b432afc2f74828d
Size

136KB
Sample

221204-l44xjahd74
MD5

41ccbd655cb3422efe0b9188c8c27943
SHA1

3c62df984021b8fb3933efd26c026b7c16086577
SHA256

eb9d39d567c2dd46bcb169b332cbba9245bef228562fefe69b432afc2f74828d
SHA512

e6a8418a672b77ec76d622b729b12fd4726fda3a7d340a28da95f47ffda65b25addf7a3589d340151d3889bc9e0f4308f40511eea465f054911926656ea3c713
SSDEEP

3072:AYeOUhmPNPn5lbFvBFnvoNm3KPttgQW9oh8P34bCFe8Nnyo0Y6F:31Nv5lbFv7c3VIm8P34bge8Nnyo0Y

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  eb9d39d567c2dd46bcb169b332cbba9245bef228562fefe69b432afc2f74828d
- Size
  
  136KB
- MD5
  
  41ccbd655cb3422efe0b9188c8c27943
- SHA1
  
  3c62df984021b8fb3933efd26c026b7c16086577
- SHA256
  
  eb9d39d567c2dd46bcb169b332cbba9245bef228562fefe69b432afc2f74828d
- SHA512
  
  e6a8418a672b77ec76d622b729b12fd4726fda3a7d340a28da95f47ffda65b25addf7a3589d340151d3889bc9e0f4308f40511eea465f054911926656ea3c713
- SSDEEP
  
  3072:AYeOUhmPNPn5lbFvBFnvoNm3KPttgQW9oh8P34bCFe8Nnyo0Y6F:31Nv5lbFv7c3VIm8P34bge8Nnyo0Y
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2