56b762d3989877a02776e05d641b8d81c8631393a422603536a6b8f1cec07ef7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

362a77fa246c879615ac3a040272dda5
Size

69KB
Sample

231225-xmbp7sfffn
MD5

362a77fa246c879615ac3a040272dda5
SHA1

5d1d481aa60f80798dd2be02f67dc04d98214a42
SHA256

56b762d3989877a02776e05d641b8d81c8631393a422603536a6b8f1cec07ef7
SHA512

5249bff5c58c9bf9897e04eabb48e608d2b742697abe4c921658511bf81c052141a5a910b9d4fda10f00b3df15a04455a003aef11453a7689da8b6f1eb6cafac
SSDEEP

1536:+g3j2ALadLHma+gqMhFebVa9eB+FBNq0kwM7T5IT:+gzCdLGa+gqMh8MES7kFv5O

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  362a77fa246c879615ac3a040272dda5
- Size
  
  69KB
- MD5
  
  362a77fa246c879615ac3a040272dda5
- SHA1
  
  5d1d481aa60f80798dd2be02f67dc04d98214a42
- SHA256
  
  56b762d3989877a02776e05d641b8d81c8631393a422603536a6b8f1cec07ef7
- SHA512
  
  5249bff5c58c9bf9897e04eabb48e608d2b742697abe4c921658511bf81c052141a5a910b9d4fda10f00b3df15a04455a003aef11453a7689da8b6f1eb6cafac
- SSDEEP
  
  1536:+g3j2ALadLHma+gqMhFebVa9eB+FBNq0kwM7T5IT:+gzCdLGa+gqMh8MES7kFv5O
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2