fa87a20cc3613200f68e069ebf03bf841a54e1aafe43141eac8c5090b7cdb336 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

023dfc651cef63a08cb8f0aacdeaa978
Size

1.9MB
Sample

231224-r71beaccg7
MD5

023dfc651cef63a08cb8f0aacdeaa978
SHA1

d6c2560b87e619083ac070efc8d56addc7267423
SHA256

fa87a20cc3613200f68e069ebf03bf841a54e1aafe43141eac8c5090b7cdb336
SHA512

abf794a1387a3685108aa130982a3a90ab0ca69fadffe83d277da77579790295765cd849b13f087c967ba5872ad5bb59b15bc45c8e91d4b20aad1b2436cb9cfd
SSDEEP

12288:C7qYxucwN74XguniSTsrHGyKWUxUHeC7/wazIQNcF8r/X0SCuOiA6:CSc9XguniGiNhsCIQu8rcSClN6

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  023dfc651cef63a08cb8f0aacdeaa978
- Size
  
  1.9MB
- MD5
  
  023dfc651cef63a08cb8f0aacdeaa978
- SHA1
  
  d6c2560b87e619083ac070efc8d56addc7267423
- SHA256
  
  fa87a20cc3613200f68e069ebf03bf841a54e1aafe43141eac8c5090b7cdb336
- SHA512
  
  abf794a1387a3685108aa130982a3a90ab0ca69fadffe83d277da77579790295765cd849b13f087c967ba5872ad5bb59b15bc45c8e91d4b20aad1b2436cb9cfd
- SSDEEP
  
  12288:C7qYxucwN74XguniSTsrHGyKWUxUHeC7/wazIQNcF8r/X0SCuOiA6:CSc9XguniGiNhsCIQu8rcSClN6
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2