be8d92d1284b391e985d34c2d10084e419b44e0ae601d5da090bb62b34e46c50 | Triage

Sharing

General

Target

be8d92d1284b391e985d34c2d10084e419b44e0ae601d5da090bb62b34e46c50
Size

184KB
Sample

221204-mj9sqaag26
MD5

27face62e87ecea542422d4a24fa2b60
SHA1

303b3f677ee902ebe4487499e1476afd086f3daa
SHA256

be8d92d1284b391e985d34c2d10084e419b44e0ae601d5da090bb62b34e46c50
SHA512

93466cacf8f2ecacffbdd2d3d79c0de461d8309c5188e4c7d983ad4af7287152f0b942e88fe6c0c9df463e6dcd282e86a30c468ee0924aaf0d0649581818e7ee
SSDEEP

3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1C:GWkWXV9wUezUroW+tCmCCfNGP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  be8d92d1284b391e985d34c2d10084e419b44e0ae601d5da090bb62b34e46c50
- Size
  
  184KB
- MD5
  
  27face62e87ecea542422d4a24fa2b60
- SHA1
  
  303b3f677ee902ebe4487499e1476afd086f3daa
- SHA256
  
  be8d92d1284b391e985d34c2d10084e419b44e0ae601d5da090bb62b34e46c50
- SHA512
  
  93466cacf8f2ecacffbdd2d3d79c0de461d8309c5188e4c7d983ad4af7287152f0b942e88fe6c0c9df463e6dcd282e86a30c468ee0924aaf0d0649581818e7ee
- SSDEEP
  
  3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1C:GWkWXV9wUezUroW+tCmCCfNGP
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence