17bd11d86c796ee99b3d1498de8a7991deeb991c89f93cb8017740c34053cb9b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15b024754b89b6dee1cebc3d3c47f9c7
Size

325KB
Sample

231225-l1m5lscea6
MD5

15b024754b89b6dee1cebc3d3c47f9c7
SHA1

094535371cdd21a3f0974e2b92325870f4e8c66b
SHA256

17bd11d86c796ee99b3d1498de8a7991deeb991c89f93cb8017740c34053cb9b
SHA512

57d4cb18515b7101a2f51e358066dddc57be4e8437e5dcfcc8060c671fd3256db21b60964a65297b8d474ab775f9d352436b255b77ca8a503fbbffcc9045bb1f
SSDEEP

6144:+lx6Sw1nXQD5VvexgpRXcwt9pwEJPZkNoC7ywN6VuPeF7760xOnf:zP5YSipuYVJhoGY6B7GZf

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  162.exe
- Size
  
  296KB
- MD5
  
  0de3dde9632d7cd81c6faa8935367ee6
- SHA1
  
  5d7ad691d002257a36fd4d70a9eca9d5b3f94de3
- SHA256
  
  9f5ad1582ee9ffc0ff069462fdc11ee940caee24ba86f7dfac172ff243c3fbe6
- SHA512
  
  464fcddd7b0e02ddf1d1596f1eae049d3802b513f05d2578f980b8ecc13195ceb354e7245ba6ac125a3e9a36b39f506c6fc208dff50ac4f788cea6d77fc69aa8
- SSDEEP
  
  6144:7TMPJK8pp1EmaiUvxFm91X6KS/foPdlFPN560qcHyWzK:S3pp1EPvsE/CFl56VW+
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  X.exe
- Size
  
  39KB
- MD5
  
  a5f1ad106a65b097071d8397db5ed78a
- SHA1
  
  0b368490aaa267989d5a70b88f11513493d82b05
- SHA256
  
  31b5d8c021ab64237e7eee7bf043d0abb624ae238857616721a7e07fa7c0bd2d
- SHA512
  
  eea7f105bec3660d3fe65865a28dc39eb90446a3f0cd7b19c91c478c401d76b73e10207de33ea720e8c6319a6ebe5f14ec96fbadfd00ae0c4111cce4db5c7bf5
- SSDEEP
  
  768:D/qMNNJGiw2YJmOne9+RTQArtovGC2fj8rwuX+hCD3xJPro8f9h9x:GMFk27XMCH6j8rVwCdloK1x
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4