8e89a63e6fdca1796d1f18e63f69f60a8acf9647a39239487ae0ed1d46052581 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e89a63e6fdca1796d1f18e63f69f60a8acf9647a39239487ae0ed1d46052581
Size

310KB
Sample

221205-p3r35abe83
MD5

2894b77a50aa4c6a08b35324dfba36aa
SHA1

f535562f72be343b9ceead8cb5e39217b6a554db
SHA256

8e89a63e6fdca1796d1f18e63f69f60a8acf9647a39239487ae0ed1d46052581
SHA512

af359a92379fdf078ef0418a271dd245008794da1f20ca05827171f9e9b9bbf216f22e49f43121b271aca23099cfa128cd2eddad856ca322810943f2aea30d8f
SSDEEP

6144:5Um2TuCtUlT372dlG7zEA/A6wSNGtaQLzgftTdmiTbR1HQHhMG/7ZaZ4tuRh5:Ziti37HvEJHHvstdmq1QBM8taZ4AP5

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  8e89a63e6fdca1796d1f18e63f69f60a8acf9647a39239487ae0ed1d46052581
- Size
  
  310KB
- MD5
  
  2894b77a50aa4c6a08b35324dfba36aa
- SHA1
  
  f535562f72be343b9ceead8cb5e39217b6a554db
- SHA256
  
  8e89a63e6fdca1796d1f18e63f69f60a8acf9647a39239487ae0ed1d46052581
- SHA512
  
  af359a92379fdf078ef0418a271dd245008794da1f20ca05827171f9e9b9bbf216f22e49f43121b271aca23099cfa128cd2eddad856ca322810943f2aea30d8f
- SSDEEP
  
  6144:5Um2TuCtUlT372dlG7zEA/A6wSNGtaQLzgftTdmiTbR1HQHhMG/7ZaZ4tuRh5:Ziti37HvEJHHvstdmq1QBM8taZ4AP5
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence