584772288f279aea9113d3fc2111a5b6f69c71ef3d4421def20f8f68c671a72f | Triage

Sharing

General

Target

07a4d7ad1daf2da53a461014d98abc38
Size

256KB
Sample

231224-vp68safghp
MD5

07a4d7ad1daf2da53a461014d98abc38
SHA1

aaff80a567ce1eae273bd0df18eb987e7a1d2d46
SHA256

584772288f279aea9113d3fc2111a5b6f69c71ef3d4421def20f8f68c671a72f
SHA512

fd1d352610342f0b654819b767e024150e445958c182258e9d2f9abee3035da652a455ca31219d5306586ffae5c34ade6bd9810f2bb34029d9b9e5000857bf5e
SSDEEP

6144:fnMB+jKbQe6yUJuZMJGq2zj9yTYUrRFDCwymwrdCcYSA+e/lqtPLyz2fZhH5h9:/btyA36URlqJyz83

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  07a4d7ad1daf2da53a461014d98abc38
- Size
  
  256KB
- MD5
  
  07a4d7ad1daf2da53a461014d98abc38
- SHA1
  
  aaff80a567ce1eae273bd0df18eb987e7a1d2d46
- SHA256
  
  584772288f279aea9113d3fc2111a5b6f69c71ef3d4421def20f8f68c671a72f
- SHA512
  
  fd1d352610342f0b654819b767e024150e445958c182258e9d2f9abee3035da652a455ca31219d5306586ffae5c34ade6bd9810f2bb34029d9b9e5000857bf5e
- SSDEEP
  
  6144:fnMB+jKbQe6yUJuZMJGq2zj9yTYUrRFDCwymwrdCcYSA+e/lqtPLyz2fZhH5h9:/btyA36URlqJyz83
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence