e3fcfd129c2d74f127b42cff0d65d9ede6af74502d8496bc600625b18ef81388 | Triage

Sharing

General

Target

e3fcfd129c2d74f127b42cff0d65d9ede6af74502d8496bc600625b18ef81388
Size

59KB
Sample

221204-qsfssach99
MD5

65ffd86d7495bab215eefebc30a51d7b
SHA1

8029a7d97004faba3a4c3b9964974895660e7f91
SHA256

e3fcfd129c2d74f127b42cff0d65d9ede6af74502d8496bc600625b18ef81388
SHA512

bab59b6b33a038002c27ca57f296d34d30c3f21a4b62416e65d976f549984f56670799dc797bed5fa5b367eefd31b3eb73afcd88525d7f7bee9afe4b4e36abe6
SSDEEP

1536:gJLGIey2+rVJAM2jmjPwecHTh7OHZ3pr7:gJL3J2BMJOT4pp

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  e3fcfd129c2d74f127b42cff0d65d9ede6af74502d8496bc600625b18ef81388
- Size
  
  59KB
- MD5
  
  65ffd86d7495bab215eefebc30a51d7b
- SHA1
  
  8029a7d97004faba3a4c3b9964974895660e7f91
- SHA256
  
  e3fcfd129c2d74f127b42cff0d65d9ede6af74502d8496bc600625b18ef81388
- SHA512
  
  bab59b6b33a038002c27ca57f296d34d30c3f21a4b62416e65d976f549984f56670799dc797bed5fa5b367eefd31b3eb73afcd88525d7f7bee9afe4b4e36abe6
- SSDEEP
  
  1536:gJLGIey2+rVJAM2jmjPwecHTh7OHZ3pr7:gJL3J2BMJOT4pp
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2