e47f2ef05bb54c3846381a68b649e4fbfddc88f28e5234561dd6db300ebc3cd9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

411c9be1fd7c502768eaffed6df2a415
Size

156KB
Sample

231225-2p3c6adgd8
MD5

411c9be1fd7c502768eaffed6df2a415
SHA1

9f9f76dd49bc79b357280744b57f17a95d210a57
SHA256

e47f2ef05bb54c3846381a68b649e4fbfddc88f28e5234561dd6db300ebc3cd9
SHA512

fa6628cd39d0de58f0b1f370705a34e72ef252f46c471e601e8bf3b7c95aeda79b72e5551f370c31d3e9d9ff64070ecd7e1d63ca2140269289619236434502e1
SSDEEP

192:ENrN1miRx8TeAOU190BBkxCQOXW8Vn3NLg5qPCVu1miRx:8UTRyBbQiVnShVW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  411c9be1fd7c502768eaffed6df2a415
- Size
  
  156KB
- MD5
  
  411c9be1fd7c502768eaffed6df2a415
- SHA1
  
  9f9f76dd49bc79b357280744b57f17a95d210a57
- SHA256
  
  e47f2ef05bb54c3846381a68b649e4fbfddc88f28e5234561dd6db300ebc3cd9
- SHA512
  
  fa6628cd39d0de58f0b1f370705a34e72ef252f46c471e601e8bf3b7c95aeda79b72e5551f370c31d3e9d9ff64070ecd7e1d63ca2140269289619236434502e1
- SSDEEP
  
  192:ENrN1miRx8TeAOU190BBkxCQOXW8Vn3NLg5qPCVu1miRx:8UTRyBbQiVnShVW
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence