99e52cfe133eae0b390213d6debc5f26e03ffe8e100400949c0ad4b4ff29c700 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99e52cfe133eae0b390213d6debc5f26e03ffe8e100400949c0ad4b4ff29c700
Size

21KB
Sample

221206-kyh77sfd4y
MD5

3d73d5579cc9193db4a4fe08f0307483
SHA1

38274eb843a6bd7ac833fb1990d058393738467a
SHA256

99e52cfe133eae0b390213d6debc5f26e03ffe8e100400949c0ad4b4ff29c700
SHA512

2d6be8626c252f55eaf7275b409e642ba448d3ac08696c3c0bfe7f09e9b54965f9f4775883d1aa889d7a344588b1aafa067e0c56bd780ab3b2ae6d5359c708b7
SSDEEP

384:Ip2u9TV/HRYBTGAl1qJYdIrWEKRSLV2NNKsXxSmeirO26:IIKp/HRYByAl2mydRiN1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  99e52cfe133eae0b390213d6debc5f26e03ffe8e100400949c0ad4b4ff29c700
- Size
  
  21KB
- MD5
  
  3d73d5579cc9193db4a4fe08f0307483
- SHA1
  
  38274eb843a6bd7ac833fb1990d058393738467a
- SHA256
  
  99e52cfe133eae0b390213d6debc5f26e03ffe8e100400949c0ad4b4ff29c700
- SHA512
  
  2d6be8626c252f55eaf7275b409e642ba448d3ac08696c3c0bfe7f09e9b54965f9f4775883d1aa889d7a344588b1aafa067e0c56bd780ab3b2ae6d5359c708b7
- SSDEEP
  
  384:Ip2u9TV/HRYBTGAl1qJYdIrWEKRSLV2NNKsXxSmeirO26:IIKp/HRYByAl2mydRiN1
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence