68a02a2f513b9ab2643d69f0b8726999a12bf7fd3ade5df8b8b42fe3cbea7c47 | Triage

Sharing

General

Target

Invoice.zip
Size

351KB
Sample

230315-j63fdaec21
MD5

bf2e2c80262dbd8a03b645211a4f246e
SHA1

706cd2bba5038dceb11b3ed151792602e80487e0
SHA256

68a02a2f513b9ab2643d69f0b8726999a12bf7fd3ade5df8b8b42fe3cbea7c47
SHA512

140d098c8a24ffedf8cebff732aaa3666aa405153c1dd3ea191de3a10ad7fbe9b970580c8efb0170df49d46f4bdfaf91b92fc30a59dd9d34de2e10ede4dd236d
SSDEEP

6144:gNj2qr8ilQnqbqxdMBfR0tYNsy+1QEgMj43kIzp7ihPRT4TdmqBaKF2cxRG9Q7Ko:kt8WYqbiGBqtYNsy+1QEgMP8ZihPRMZV

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Invoice.exe
- Size
  
  592KB
- MD5
  
  fed122c27dd23694b3f84df9bc37ea14
- SHA1
  
  e5e8f651530c1ee6ad12d0bdc06b1f86bf74ff38
- SHA256
  
  3d7a7cad37509dedfd5d195c2f974e4ed7b2a03ead71e4744d753f40a3d4b43d
- SHA512
  
  6e2e84c925e4b6e561d0c27f997bef7b319c87f8ab12e1767e072ce33ae4d487c821835299dcc52c2a8084d98f2018750d7cc489cadcb11b43a6a411c179f17d
- SSDEEP
  
  12288:LLxq34o4lbX2ZE2cjTYNqy+1oE9hPIc0ohhQ7OfJ+6bhwfK71aK:UohAcFhhQ7OBtf
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2