7917ddc85c27f7c9c237ffa7e8239ca3c431dcf397d41c2e3eb3b6235c9cda19 | Triage

Sharing

General

Target

3a0f9b5489a3d5434c72a9088a8b9807
Size

191KB
Sample

231225-ytmaysfbgq
MD5

3a0f9b5489a3d5434c72a9088a8b9807
SHA1

c3788a4fe94f9ac16bfcee2576a870829c952f46
SHA256

7917ddc85c27f7c9c237ffa7e8239ca3c431dcf397d41c2e3eb3b6235c9cda19
SHA512

a73374a2e8f6411715f21b785c7bdbf2c422cee04ff1895dd868c597022edd9a62fba82e500115bb39ad185339830f56c8de920d032e8ef2fcf5de996ad20592
SSDEEP

1536:I3IHViDrCi7ZOVRPrzx2HqXCtmtuxi0zw8gTpdLY1izKYbbn:I3uVgZOVVrzx2gsLmHMiF7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3a0f9b5489a3d5434c72a9088a8b9807
- Size
  
  191KB
- MD5
  
  3a0f9b5489a3d5434c72a9088a8b9807
- SHA1
  
  c3788a4fe94f9ac16bfcee2576a870829c952f46
- SHA256
  
  7917ddc85c27f7c9c237ffa7e8239ca3c431dcf397d41c2e3eb3b6235c9cda19
- SHA512
  
  a73374a2e8f6411715f21b785c7bdbf2c422cee04ff1895dd868c597022edd9a62fba82e500115bb39ad185339830f56c8de920d032e8ef2fcf5de996ad20592
- SSDEEP
  
  1536:I3IHViDrCi7ZOVRPrzx2HqXCtmtuxi0zw8gTpdLY1izKYbbn:I3uVgZOVVrzx2gsLmHMiF7
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence