2a5fa550056b2f30826aef61f74863c4726b0df18c036ea720993b9e45f9daab | Triage

Sharing

General

Target

372975e9ebc7d5eac768fcae4bf85327
Size

112KB
Sample

231225-xx45habda9
MD5

372975e9ebc7d5eac768fcae4bf85327
SHA1

7cfb3bc71c58d3a9020b669ed3e01d26752f0663
SHA256

2a5fa550056b2f30826aef61f74863c4726b0df18c036ea720993b9e45f9daab
SHA512

35e41f13510b168e1b834f0b1943ac234f3929eef9bdd0474a0c4846be03a146cd6a6f0b78792cd9a29220597987613d2b914858aa6e2ac93d0eb419588c70c1
SSDEEP

1536:fqAD6mHq2bkX8aFrw3G+cW+YMw9CjpllbfAjMvd3wSr0+0FOZAkqy6:fqWj4T6cLrjplQ8d39r0xFOC

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  372975e9ebc7d5eac768fcae4bf85327
- Size
  
  112KB
- MD5
  
  372975e9ebc7d5eac768fcae4bf85327
- SHA1
  
  7cfb3bc71c58d3a9020b669ed3e01d26752f0663
- SHA256
  
  2a5fa550056b2f30826aef61f74863c4726b0df18c036ea720993b9e45f9daab
- SHA512
  
  35e41f13510b168e1b834f0b1943ac234f3929eef9bdd0474a0c4846be03a146cd6a6f0b78792cd9a29220597987613d2b914858aa6e2ac93d0eb419588c70c1
- SSDEEP
  
  1536:fqAD6mHq2bkX8aFrw3G+cW+YMw9CjpllbfAjMvd3wSr0+0FOZAkqy6:fqWj4T6cLrjplQ8d39r0xFOC
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2