ccd886f017cf9e046e0657773d2fd1812d60e018066bae7fc57efa8d83058957 | Triage

Sharing

General

Target

f1b3ae7309941128248c9c15f6e44ee5
Size

60KB
Sample

231222-t1b2caagb2
MD5

f1b3ae7309941128248c9c15f6e44ee5
SHA1

0c22b67a61c9cda73f3c978f71c470451e211e21
SHA256

ccd886f017cf9e046e0657773d2fd1812d60e018066bae7fc57efa8d83058957
SHA512

7aa6a3bd9ad31342361b76d991a5c6edf6ab57ead5c6c755096a3dcbe91f42ce44d289d07e14d645e1d1ad81cbb5cc914c0ce8dd558c7921d9f8f58b0dc62f3a
SSDEEP

1536:wgOzqIfhbp1pj7lsRD8tT/9SztLmuttq2vXlEws6dMETgQtewNhJ3FEPYPb1:wTsRD8mzPXlEwssMETg2fxjPb1

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f1b3ae7309941128248c9c15f6e44ee5
- Size
  
  60KB
- MD5
  
  f1b3ae7309941128248c9c15f6e44ee5
- SHA1
  
  0c22b67a61c9cda73f3c978f71c470451e211e21
- SHA256
  
  ccd886f017cf9e046e0657773d2fd1812d60e018066bae7fc57efa8d83058957
- SHA512
  
  7aa6a3bd9ad31342361b76d991a5c6edf6ab57ead5c6c755096a3dcbe91f42ce44d289d07e14d645e1d1ad81cbb5cc914c0ce8dd558c7921d9f8f58b0dc62f3a
- SSDEEP
  
  1536:wgOzqIfhbp1pj7lsRD8tT/9SztLmuttq2vXlEws6dMETgQtewNhJ3FEPYPb1:wTsRD8mzPXlEwssMETg2fxjPb1
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2