74cd7798dc7753b79b440da2ed7f72f00d74aa060e09b8928881f59a5616a3f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74cd7798dc7753b79b440da2ed7f72f00d74aa060e09b8928881f59a5616a3f4
Size

260KB
Sample

221204-mkdfxaag35
MD5

00328bae60e7bc746150c0dc6e0c3e60
SHA1

87d2b937b4b85d40320755497a603d2b2eb47ea3
SHA256

74cd7798dc7753b79b440da2ed7f72f00d74aa060e09b8928881f59a5616a3f4
SHA512

36cac492a46be00c7c1b4f1c710b8cecb1420d8e69b9b497a0798ed2f8e0dfe7a05ed6de7b720b0417e9a981b65e4bcae0b054eeeec20a86d902d1dca4f57f55
SSDEEP

3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1l:PWkWXV9wUezUroW+tCmCCfNG8

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  74cd7798dc7753b79b440da2ed7f72f00d74aa060e09b8928881f59a5616a3f4
- Size
  
  260KB
- MD5
  
  00328bae60e7bc746150c0dc6e0c3e60
- SHA1
  
  87d2b937b4b85d40320755497a603d2b2eb47ea3
- SHA256
  
  74cd7798dc7753b79b440da2ed7f72f00d74aa060e09b8928881f59a5616a3f4
- SHA512
  
  36cac492a46be00c7c1b4f1c710b8cecb1420d8e69b9b497a0798ed2f8e0dfe7a05ed6de7b720b0417e9a981b65e4bcae0b054eeeec20a86d902d1dca4f57f55
- SSDEEP
  
  3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1l:PWkWXV9wUezUroW+tCmCCfNG8
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence