d37a5f72ad8116431f69aedca9ce5f6e5aa8b7419d4efc39c803715d4a382037 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6a1696ed36b2544a3b7dd16ed18d5070.exe
Size

3.9MB
Sample

231102-t8vhnagh5t
MD5

6a1696ed36b2544a3b7dd16ed18d5070
SHA1

2d4c83043da9a38bae2134626e4ed697d0194fe8
SHA256

d37a5f72ad8116431f69aedca9ce5f6e5aa8b7419d4efc39c803715d4a382037
SHA512

33389be60afdf7ef2379f34d4b1f8492c5704a98198b2cd7ed58d0cc6f3a39270592432b07832f30fb02e46cf0284cac9f49c79c8cd565caac8729b653806197
SSDEEP

98304:v5y3KDI9pKALoCbU3vX+q+yD35+3t0u1N7NKYouY:v52KiK/eBy9+33N7NVS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.6a1696ed36b2544a3b7dd16ed18d5070.exe
- Size
  
  3.9MB
- MD5
  
  6a1696ed36b2544a3b7dd16ed18d5070
- SHA1
  
  2d4c83043da9a38bae2134626e4ed697d0194fe8
- SHA256
  
  d37a5f72ad8116431f69aedca9ce5f6e5aa8b7419d4efc39c803715d4a382037
- SHA512
  
  33389be60afdf7ef2379f34d4b1f8492c5704a98198b2cd7ed58d0cc6f3a39270592432b07832f30fb02e46cf0284cac9f49c79c8cd565caac8729b653806197
- SSDEEP
  
  98304:v5y3KDI9pKALoCbU3vX+q+yD35+3t0u1N7NKYouY:v52KiK/eBy9+33N7NVS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2