863bc4b2312d434765e5f6139a78aef5d1129f7b5993743dd3ebe575b717a23a | Triage

Sharing

General

Target

599ca8f5851b74665fe15d98671d1158
Size

156KB
Sample

231226-g8e2rafaaq
MD5

599ca8f5851b74665fe15d98671d1158
SHA1

30ceb0fb944446500e183c37d8f856c8cfa7a4ae
SHA256

863bc4b2312d434765e5f6139a78aef5d1129f7b5993743dd3ebe575b717a23a
SHA512

914922a3b279cd0190e591f8e31b8b8e8c7a5d8c4ca41c95de753dd147525109d2617cec6b32b4eeb06adb9cdb5c07c7266937223a82d2893001140a46d99a85
SSDEEP

3072:JYtZ4CBsZb283TRqEba572VGQfjAdQPY+QF4YO+Lh:Jlm6TRqEba57DQfMdQAT5X

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  599ca8f5851b74665fe15d98671d1158
- Size
  
  156KB
- MD5
  
  599ca8f5851b74665fe15d98671d1158
- SHA1
  
  30ceb0fb944446500e183c37d8f856c8cfa7a4ae
- SHA256
  
  863bc4b2312d434765e5f6139a78aef5d1129f7b5993743dd3ebe575b717a23a
- SHA512
  
  914922a3b279cd0190e591f8e31b8b8e8c7a5d8c4ca41c95de753dd147525109d2617cec6b32b4eeb06adb9cdb5c07c7266937223a82d2893001140a46d99a85
- SSDEEP
  
  3072:JYtZ4CBsZb283TRqEba572VGQfjAdQPY+QF4YO+Lh:Jlm6TRqEba57DQfMdQAT5X
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence