cc2971e18e5a799d43e476cf4fed3166abca1730730fc2414960125a7952cb90 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5a18ef08cd89098d5e7e92002744db80.exe
Size

204KB
Sample

231028-ymr8mafh3z
MD5

5a18ef08cd89098d5e7e92002744db80
SHA1

acb60a0d6bcd662c95961e8a968b4e00afebaf59
SHA256

cc2971e18e5a799d43e476cf4fed3166abca1730730fc2414960125a7952cb90
SHA512

f3b129ca2be75e10a47753cd40922d86279098cdf8ec296132e41591de1532fb7dbaba8dfa483090676313b5f5150d103dc0bcf3f097e717d28b9cb5b042168a
SSDEEP

3072:aO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:agFtboVBJtNWyPnYG4fUbk

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.5a18ef08cd89098d5e7e92002744db80.exe
- Size
  
  204KB
- MD5
  
  5a18ef08cd89098d5e7e92002744db80
- SHA1
  
  acb60a0d6bcd662c95961e8a968b4e00afebaf59
- SHA256
  
  cc2971e18e5a799d43e476cf4fed3166abca1730730fc2414960125a7952cb90
- SHA512
  
  f3b129ca2be75e10a47753cd40922d86279098cdf8ec296132e41591de1532fb7dbaba8dfa483090676313b5f5150d103dc0bcf3f097e717d28b9cb5b042168a
- SSDEEP
  
  3072:aO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:agFtboVBJtNWyPnYG4fUbk
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2