bb8e5b8755c8f95f7f8bc1f16e17e787c710672c3a21cf1e573fbe58905e07c7 | Triage

Sharing

General

Target

bb8e5b8755c8f95f7f8bc1f16e17e787c710672c3a21cf1e573fbe58905e07c7
Size

308KB
Sample

221206-px7avshg55
MD5

94430b691ff1d3ee54d2bbd4aa3682e6
SHA1

c775d023c85889532679ecf6716048a7b37fe722
SHA256

bb8e5b8755c8f95f7f8bc1f16e17e787c710672c3a21cf1e573fbe58905e07c7
SHA512

8313a21fcad9665a3dfb37daed2576f2975ef587b0e6e8b18e09c138f31dffb0ff752fb418f2e61c756093f2a627a858445d867211450a056f285e2e4fdcf442
SSDEEP

1536:0mOjN33kWn8GuhyQgoQT9gmOjN33kWn8Gu:NOjNHkWn8GmwT9xOjNHkWn8G

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  bb8e5b8755c8f95f7f8bc1f16e17e787c710672c3a21cf1e573fbe58905e07c7
- Size
  
  308KB
- MD5
  
  94430b691ff1d3ee54d2bbd4aa3682e6
- SHA1
  
  c775d023c85889532679ecf6716048a7b37fe722
- SHA256
  
  bb8e5b8755c8f95f7f8bc1f16e17e787c710672c3a21cf1e573fbe58905e07c7
- SHA512
  
  8313a21fcad9665a3dfb37daed2576f2975ef587b0e6e8b18e09c138f31dffb0ff752fb418f2e61c756093f2a627a858445d867211450a056f285e2e4fdcf442
- SSDEEP
  
  1536:0mOjN33kWn8GuhyQgoQT9gmOjN33kWn8Gu:NOjNHkWn8GmwT9xOjNHkWn8G
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2