3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25
Size

75KB
Sample

221206-mmnpnaaa43
MD5

f58be2328792d13e1a9d926d291852f2
SHA1

91e5d25c4879b111e1101fe78cf0ba28fbf17240
SHA256

3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25
SHA512

5bfdb0d8debdbd496008e0e6094bd4110bf106f227ec4bed86ac60c8aead03890cf57ec9f74ba1fa888337c054791143b5b46d0d347aaeb33d379f3df0a89b5f
SSDEEP

1536:B6IfYyrbPCLAY6acU95xO0KcmtCG+XHyl/ZDDDDDDDDD:B6If7rbPCL7689C0KUIDDDDDDDDD

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25
- Size
  
  75KB
- MD5
  
  f58be2328792d13e1a9d926d291852f2
- SHA1
  
  91e5d25c4879b111e1101fe78cf0ba28fbf17240
- SHA256
  
  3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25
- SHA512
  
  5bfdb0d8debdbd496008e0e6094bd4110bf106f227ec4bed86ac60c8aead03890cf57ec9f74ba1fa888337c054791143b5b46d0d347aaeb33d379f3df0a89b5f
- SSDEEP
  
  1536:B6IfYyrbPCLAY6acU95xO0KcmtCG+XHyl/ZDDDDDDDDD:B6If7rbPCL7689C0KUIDDDDDDDDD
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2