77ee252b07e68dc35fc20b9c8b07b2bcce38d45912d9420239578a5e04131b8f | Triage

Sharing

General

Target

71abcd053e767e8463bd377c5c2b908f
Size

145KB
Sample

231226-qj1rlagegn
MD5

71abcd053e767e8463bd377c5c2b908f
SHA1

407e033b5effa9e02d148cfdc1edc73230f39274
SHA256

77ee252b07e68dc35fc20b9c8b07b2bcce38d45912d9420239578a5e04131b8f
SHA512

68e736496edcd412831eb7c3c526f2bc6eca14f007837d3ae15d187f312ee72afa3dddba33958d310c88ee07320f56035b07d82df2d580a28bdcb4f323158a1e
SSDEEP

3072:/juq3BQoNypn9hvkwXtvmZ6Q4YxmiPkCaepM9GPw:/jdz0n9hvkwXtvmxmwXK94w

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  71abcd053e767e8463bd377c5c2b908f
- Size
  
  145KB
- MD5
  
  71abcd053e767e8463bd377c5c2b908f
- SHA1
  
  407e033b5effa9e02d148cfdc1edc73230f39274
- SHA256
  
  77ee252b07e68dc35fc20b9c8b07b2bcce38d45912d9420239578a5e04131b8f
- SHA512
  
  68e736496edcd412831eb7c3c526f2bc6eca14f007837d3ae15d187f312ee72afa3dddba33958d310c88ee07320f56035b07d82df2d580a28bdcb4f323158a1e
- SSDEEP
  
  3072:/juq3BQoNypn9hvkwXtvmZ6Q4YxmiPkCaepM9GPw:/jdz0n9hvkwXtvmxmwXK94w
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2