694e96dc16114b2413c442ef8ec159f3a03e2e2f609785e63054c3b5e2758b4d | Triage

Sharing

General

Target

NEAS.10fa976229429956070b1c3f04e245e1.exe
Size

6.9MB
Sample

231107-sglwrsba41
MD5

10fa976229429956070b1c3f04e245e1
SHA1

6210538cbbd9c9638541ee9afc04e82f6f23017e
SHA256

694e96dc16114b2413c442ef8ec159f3a03e2e2f609785e63054c3b5e2758b4d
SHA512

ec947abb4cdf58390ad41eb47d2e066394d6e4a654f8b2c3c3df0c6c93033b5d1f8b770506311b1768d7fdcb8824e520d49ca9c0b1b7eb7b91a5d5a36f2f4e07
SSDEEP

196608:bf7HTjPBz4KkAYcDz7yhGbbRZvZUE0F6lagttgw:/Hv6yprvRZeGPj

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.10fa976229429956070b1c3f04e245e1.exe
- Size
  
  6.9MB
- MD5
  
  10fa976229429956070b1c3f04e245e1
- SHA1
  
  6210538cbbd9c9638541ee9afc04e82f6f23017e
- SHA256
  
  694e96dc16114b2413c442ef8ec159f3a03e2e2f609785e63054c3b5e2758b4d
- SHA512
  
  ec947abb4cdf58390ad41eb47d2e066394d6e4a654f8b2c3c3df0c6c93033b5d1f8b770506311b1768d7fdcb8824e520d49ca9c0b1b7eb7b91a5d5a36f2f4e07
- SSDEEP
  
  196608:bf7HTjPBz4KkAYcDz7yhGbbRZvZUE0F6lagttgw:/Hv6yprvRZeGPj
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2