28ad6e46e20367d7608d87023d7f50b2efb425b46f0797d1e57d38bdde6b5b9d | Triage

Sharing

General

Target

5216bb522237025747fb9842fd766140
Size

152KB
Sample

231226-egnhpsbea3
MD5

5216bb522237025747fb9842fd766140
SHA1

99c6f02c60f09e7baa0a46b387111b599fb9fbd7
SHA256

28ad6e46e20367d7608d87023d7f50b2efb425b46f0797d1e57d38bdde6b5b9d
SHA512

36053ab90193424d6c014017aeaf127c778108ff8d972e662a5040d9c62124c22042d5c195650a1bee183830867dc4b5bcabaac97daed11e3d50be7608d420cb
SSDEEP

3072:k/QMFZvOsi67UvPql3psQl0XD6VIOsHbM2N2eGWYxJ9jTbRfZUh:/MVRUvQ3rXKLbM2cIS9jXRqh

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5216bb522237025747fb9842fd766140
- Size
  
  152KB
- MD5
  
  5216bb522237025747fb9842fd766140
- SHA1
  
  99c6f02c60f09e7baa0a46b387111b599fb9fbd7
- SHA256
  
  28ad6e46e20367d7608d87023d7f50b2efb425b46f0797d1e57d38bdde6b5b9d
- SHA512
  
  36053ab90193424d6c014017aeaf127c778108ff8d972e662a5040d9c62124c22042d5c195650a1bee183830867dc4b5bcabaac97daed11e3d50be7608d420cb
- SSDEEP
  
  3072:k/QMFZvOsi67UvPql3psQl0XD6VIOsHbM2N2eGWYxJ9jTbRfZUh:/MVRUvQ3rXKLbM2cIS9jXRqh
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2