e4f0bdbd5d52886f25f8264d23c0336228295e84899c4463627afb40fe55c6ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ploads.exe
Size

1.3MB
Sample

230817-gld6yahc8t
MD5

87aa1f5208647f5a3ffae43f7c7e2d8e
SHA1

649b1eb2281ec8e12a4ced57bc9c4db50ebe08e0
SHA256

e4f0bdbd5d52886f25f8264d23c0336228295e84899c4463627afb40fe55c6ee
SHA512

6315242e993f64d3e2038da0c5fa75a004bcf74993540a549586f14860ae68f6a4998e9254ffeee7201aa567bc58a9a4e5e0c9be5fd616a0488460c676e62642
SSDEEP

24576:OAyrRdspaZtQd85Yp4DT7Gaki8hT7YwTp:OAYTkndrInEi8l7Y

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ploads.exe
- Size
  
  1.3MB
- MD5
  
  87aa1f5208647f5a3ffae43f7c7e2d8e
- SHA1
  
  649b1eb2281ec8e12a4ced57bc9c4db50ebe08e0
- SHA256
  
  e4f0bdbd5d52886f25f8264d23c0336228295e84899c4463627afb40fe55c6ee
- SHA512
  
  6315242e993f64d3e2038da0c5fa75a004bcf74993540a549586f14860ae68f6a4998e9254ffeee7201aa567bc58a9a4e5e0c9be5fd616a0488460c676e62642
- SSDEEP
  
  24576:OAyrRdspaZtQd85Yp4DT7Gaki8hT7YwTp:OAYTkndrInEi8l7Y
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2