c61d50a499a845708c725ef12cf9fa1c5f75becd95fa3ad432b68e20037f8f57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6cb933bd79536d305e738a5aa8f782b
Size

709KB
Sample

231228-zhex6sgaf3
MD5

f6cb933bd79536d305e738a5aa8f782b
SHA1

330ae0547788c2d572c9ec4684369055aa8e8ef0
SHA256

c61d50a499a845708c725ef12cf9fa1c5f75becd95fa3ad432b68e20037f8f57
SHA512

a48b1a17d02872bcc2bc51228d1fd883012e2e42271d1086ea58dd6b45e2a3ef036c6625a538fbcaa8d6114c952256d7f0db2baeede538630871c3c9fc4fcb5e
SSDEEP

12288:dQkrvRgPfS44TVcjfZQ44kOPmnow6xXGtKkUx1LI9Ri4EqV6jnv11FG:akVg3SfT4C2t6NGUfLQo91o

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f6cb933bd79536d305e738a5aa8f782b
- Size
  
  709KB
- MD5
  
  f6cb933bd79536d305e738a5aa8f782b
- SHA1
  
  330ae0547788c2d572c9ec4684369055aa8e8ef0
- SHA256
  
  c61d50a499a845708c725ef12cf9fa1c5f75becd95fa3ad432b68e20037f8f57
- SHA512
  
  a48b1a17d02872bcc2bc51228d1fd883012e2e42271d1086ea58dd6b45e2a3ef036c6625a538fbcaa8d6114c952256d7f0db2baeede538630871c3c9fc4fcb5e
- SSDEEP
  
  12288:dQkrvRgPfS44TVcjfZQ44kOPmnow6xXGtKkUx1LI9Ri4EqV6jnv11FG:akVg3SfT4C2t6NGUfLQo91o
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2