a0ad97f49d5c6bbfa0938e773c7548eb2521f013b3e930abcab9fb3140944543 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0ad97f49d5c6bbfa0938e773c7548eb2521f013b3e930abcab9fb3140944543
Size

144KB
Sample

221206-kq2dtabe53
MD5

4590fc9c0139fbbb7f469c51a23c85bf
SHA1

b964a5eb65b881bfc6a19ff0367bcb731ec2a53f
SHA256

a0ad97f49d5c6bbfa0938e773c7548eb2521f013b3e930abcab9fb3140944543
SHA512

2643b90485cb43b75228bda0d0f8cc3898460cbd759a9f992a3d293ca41cec4d140a76d77b1de6ce198a25b027a96323cb7f05c33889bef660367b1327af71b2
SSDEEP

1536:+QE+2YJU3XHeclcPOPT/qHM20glZ7s7qs3tSQ0+dIgTDoyW:dEkG3dL/kMw7s7qktSQ07

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a0ad97f49d5c6bbfa0938e773c7548eb2521f013b3e930abcab9fb3140944543
- Size
  
  144KB
- MD5
  
  4590fc9c0139fbbb7f469c51a23c85bf
- SHA1
  
  b964a5eb65b881bfc6a19ff0367bcb731ec2a53f
- SHA256
  
  a0ad97f49d5c6bbfa0938e773c7548eb2521f013b3e930abcab9fb3140944543
- SHA512
  
  2643b90485cb43b75228bda0d0f8cc3898460cbd759a9f992a3d293ca41cec4d140a76d77b1de6ce198a25b027a96323cb7f05c33889bef660367b1327af71b2
- SSDEEP
  
  1536:+QE+2YJU3XHeclcPOPT/qHM20glZ7s7qs3tSQ0+dIgTDoyW:dEkG3dL/kMw7s7qktSQ07
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2