16d42832e376ce666a6c8166a70a31972d8c03b7b32ac6051ea2771d9f8b4591 | Triage

Sharing

General

Target

4e0b2dda7a4d102e9523ab23603f8f18
Size

131KB
Sample

231226-dda8jacff5
MD5

4e0b2dda7a4d102e9523ab23603f8f18
SHA1

1d9b715dc20a63e1a4be61d54b735abaaf1f7edb
SHA256

16d42832e376ce666a6c8166a70a31972d8c03b7b32ac6051ea2771d9f8b4591
SHA512

4a4877e85aa8503fdcb2af1249cb1a5aec5b62957224d42df61d52b64de370cbc2f8bbfdfbd9238a6e8adb0f52e26ebc2011bb5fb976982d3716fd4bc362b855
SSDEEP

3072:rF6ws7Z6qGqnK+Qfw6mvwlT8k95C5rDW+Bzyt1K2aWiKb:rF6ws7/Mw6mqgRyt1hb

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  4e0b2dda7a4d102e9523ab23603f8f18
- Size
  
  131KB
- MD5
  
  4e0b2dda7a4d102e9523ab23603f8f18
- SHA1
  
  1d9b715dc20a63e1a4be61d54b735abaaf1f7edb
- SHA256
  
  16d42832e376ce666a6c8166a70a31972d8c03b7b32ac6051ea2771d9f8b4591
- SHA512
  
  4a4877e85aa8503fdcb2af1249cb1a5aec5b62957224d42df61d52b64de370cbc2f8bbfdfbd9238a6e8adb0f52e26ebc2011bb5fb976982d3716fd4bc362b855
- SSDEEP
  
  3072:rF6ws7Z6qGqnK+Qfw6mvwlT8k95C5rDW+Bzyt1K2aWiKb:rF6ws7/Mw6mqgRyt1hb
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2