ed722c39067548d7c754f8a32eb30649020d509972bd8267d09c5764ea992925 | Triage

Sharing

General

Target

ed722c39067548d7c754f8a32eb30649020d509972bd8267d09c5764ea992925
Size

64KB
Sample

221207-egmleacg32
MD5

18a2548ef2c7509db70bb9c6817da990
SHA1

d247979375ea4fd47e11f5b1a4d0aef3ba82440a
SHA256

ed722c39067548d7c754f8a32eb30649020d509972bd8267d09c5764ea992925
SHA512

988dd812de7b19e4f9dc398d0627ab87a6893c2d4db86b1c13babfb52ba227204050431c1689438470871d644de2f0bd942ed51d89cfe45400ab323bcec9990a
SSDEEP

768:Af33iSW+AYmNn8hnWDx87reBqfE9OlrcF0/0uCuyWPPW992haewy6Sgu9:03PvAV1gnWurwqs9Oq62xh6

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ed722c39067548d7c754f8a32eb30649020d509972bd8267d09c5764ea992925
- Size
  
  64KB
- MD5
  
  18a2548ef2c7509db70bb9c6817da990
- SHA1
  
  d247979375ea4fd47e11f5b1a4d0aef3ba82440a
- SHA256
  
  ed722c39067548d7c754f8a32eb30649020d509972bd8267d09c5764ea992925
- SHA512
  
  988dd812de7b19e4f9dc398d0627ab87a6893c2d4db86b1c13babfb52ba227204050431c1689438470871d644de2f0bd942ed51d89cfe45400ab323bcec9990a
- SSDEEP
  
  768:Af33iSW+AYmNn8hnWDx87reBqfE9OlrcF0/0uCuyWPPW992haewy6Sgu9:03PvAV1gnWurwqs9Oq62xh6
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2