fb9b2ec8da4124756d61cb41240364f8fa16717c843a3ca1cd4a2cd0c59a02ae | Triage

Sharing

General

Target

fb9b2ec8da4124756d61cb41240364f8fa16717c843a3ca1cd4a2cd0c59a02ae
Size

501KB
Sample

221206-vr6d9sgc33
MD5

7ea9290c902c31ee231c03e9089bdc76
SHA1

f75c08c945455e86f8d7cc94d1592287ae740f2e
SHA256

fb9b2ec8da4124756d61cb41240364f8fa16717c843a3ca1cd4a2cd0c59a02ae
SHA512

2b99c951e3614e3cc191217bb91cb9048c074ceda47842e705314f4709a14ee46bd4226e4ab107778d6012a60dc9e83527f3fc9b5aa90bf39bcea7bf953bc114
SSDEEP

6144:Mg0dFN9ODM1AMvZKXJUX6NgI+mW6D6RZc1geYEY:+8Mvw+qemWZy1gmY

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  fb9b2ec8da4124756d61cb41240364f8fa16717c843a3ca1cd4a2cd0c59a02ae
- Size
  
  501KB
- MD5
  
  7ea9290c902c31ee231c03e9089bdc76
- SHA1
  
  f75c08c945455e86f8d7cc94d1592287ae740f2e
- SHA256
  
  fb9b2ec8da4124756d61cb41240364f8fa16717c843a3ca1cd4a2cd0c59a02ae
- SHA512
  
  2b99c951e3614e3cc191217bb91cb9048c074ceda47842e705314f4709a14ee46bd4226e4ab107778d6012a60dc9e83527f3fc9b5aa90bf39bcea7bf953bc114
- SSDEEP
  
  6144:Mg0dFN9ODM1AMvZKXJUX6NgI+mW6D6RZc1geYEY:+8Mvw+qemWZy1gmY
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2