20a01a3dba0656750dd564612945f512fc5aaf488fe8127ecd6de35084996265 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3690b7211297fdcc3493ee83c8e3f450.exe
Size

355KB
Sample

231103-pbfwsacc96
MD5

3690b7211297fdcc3493ee83c8e3f450
SHA1

4b92baef002c58cddf5b4b4d4a0f8c5876708725
SHA256

20a01a3dba0656750dd564612945f512fc5aaf488fe8127ecd6de35084996265
SHA512

e13993e26141dbf594bdec294f2605d9a0d1bcf38502cd82e1c66206b8eaf3e78971a38617ddb001e26468d03611cda08a547674747e3f6e76342b447df5f472
SSDEEP

6144:43EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:DmWhND9yJz+b1FcMLmp2ATTSsdS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.3690b7211297fdcc3493ee83c8e3f450.exe
- Size
  
  355KB
- MD5
  
  3690b7211297fdcc3493ee83c8e3f450
- SHA1
  
  4b92baef002c58cddf5b4b4d4a0f8c5876708725
- SHA256
  
  20a01a3dba0656750dd564612945f512fc5aaf488fe8127ecd6de35084996265
- SHA512
  
  e13993e26141dbf594bdec294f2605d9a0d1bcf38502cd82e1c66206b8eaf3e78971a38617ddb001e26468d03611cda08a547674747e3f6e76342b447df5f472
- SSDEEP
  
  6144:43EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:DmWhND9yJz+b1FcMLmp2ATTSsdS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2