72168a89750f62e78b06569c50f163bc162d53efb68e186f13cb9acbb21d9f63 | Triage

Sharing

General

Target

NEAS.03b30e9c35e492f3440e414a0acaba8e_JC.exe
Size

567KB
Sample

231015-reb34she57
MD5

03b30e9c35e492f3440e414a0acaba8e
SHA1

5294f4262b2d22edd570da5b2b160a4acdad7195
SHA256

72168a89750f62e78b06569c50f163bc162d53efb68e186f13cb9acbb21d9f63
SHA512

38534212073afa4fa4c78cdf4552c3e9f9d9d6db2fef5881cb10694169d50cc3ae31d1950c676ede88c3a949f0697839ca56aad3912758c25517c081be562c36
SSDEEP

12288:Gw6104iQwNHuT6xzEj95Hh4dHlo6RQmtWMWOPDtocYx4H6UZF:Gw610bbHuT6i/BkF7RQmtWMWOPJS4H68

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.03b30e9c35e492f3440e414a0acaba8e_JC.exe
- Size
  
  567KB
- MD5
  
  03b30e9c35e492f3440e414a0acaba8e
- SHA1
  
  5294f4262b2d22edd570da5b2b160a4acdad7195
- SHA256
  
  72168a89750f62e78b06569c50f163bc162d53efb68e186f13cb9acbb21d9f63
- SHA512
  
  38534212073afa4fa4c78cdf4552c3e9f9d9d6db2fef5881cb10694169d50cc3ae31d1950c676ede88c3a949f0697839ca56aad3912758c25517c081be562c36
- SSDEEP
  
  12288:Gw6104iQwNHuT6xzEj95Hh4dHlo6RQmtWMWOPDtocYx4H6UZF:Gw610bbHuT6i/BkF7RQmtWMWOPJS4H68
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2