3b24e3d7238406c007bad4039d77f3eed128366c37d94c2986fdb118e9d5a57e | Triage

Sharing

General

Target

12c55895f54ce6a9840c3be8837f9dac
Size

2.7MB
Sample

231224-z647zagcd4
MD5

12c55895f54ce6a9840c3be8837f9dac
SHA1

dcfff0d05b8893c083a25dc0ae7be76075071398
SHA256

3b24e3d7238406c007bad4039d77f3eed128366c37d94c2986fdb118e9d5a57e
SHA512

1347c2045d0ef513eb242de0b6663d14d225840b1f11d61a137860359cc9ffbf6b1481c9e1607005cd2d3fe1620a40fbb76bebdb33303a8b03ef4ad61afdb48b
SSDEEP

3072:UUXJ1OXAgGTRuu2qqXGUtAmHVhAiMiB0TTN/7hQl:UUCXcTY5NAmTkTJ7hM

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  12c55895f54ce6a9840c3be8837f9dac
- Size
  
  2.7MB
- MD5
  
  12c55895f54ce6a9840c3be8837f9dac
- SHA1
  
  dcfff0d05b8893c083a25dc0ae7be76075071398
- SHA256
  
  3b24e3d7238406c007bad4039d77f3eed128366c37d94c2986fdb118e9d5a57e
- SHA512
  
  1347c2045d0ef513eb242de0b6663d14d225840b1f11d61a137860359cc9ffbf6b1481c9e1607005cd2d3fe1620a40fbb76bebdb33303a8b03ef4ad61afdb48b
- SSDEEP
  
  3072:UUXJ1OXAgGTRuu2qqXGUtAmHVhAiMiB0TTN/7hQl:UUCXcTY5NAmTkTJ7hM
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2