8f71ec8799ba9347b3d90543ffa5fb20de8d30782ae37c2abaae508da4a2d507 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03623d9d0f8ef32fb848dfacde717231
Size

547KB
Sample

231229-zfa67secgn
MD5

03623d9d0f8ef32fb848dfacde717231
SHA1

b88b2364e5aad1b8fb92b432d144e668780e8d40
SHA256

8f71ec8799ba9347b3d90543ffa5fb20de8d30782ae37c2abaae508da4a2d507
SHA512

645e5690ed677d7721003b567e42c17519fc5d2f030c612e8e46e6b353408f1a3eeefb57fd69c09eb6f5620810f2a1d8abb28f5355d0e493f074101a5e2b7b63
SSDEEP

12288:BiGhMiF/SY8r4lelwRzQQreVcyv533SZSW4yszBD+oJFbSTd4xQC/FIm3:BF+Y8rMelw5az3iZSWmzR5bWyQuIS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  03623d9d0f8ef32fb848dfacde717231
- Size
  
  547KB
- MD5
  
  03623d9d0f8ef32fb848dfacde717231
- SHA1
  
  b88b2364e5aad1b8fb92b432d144e668780e8d40
- SHA256
  
  8f71ec8799ba9347b3d90543ffa5fb20de8d30782ae37c2abaae508da4a2d507
- SHA512
  
  645e5690ed677d7721003b567e42c17519fc5d2f030c612e8e46e6b353408f1a3eeefb57fd69c09eb6f5620810f2a1d8abb28f5355d0e493f074101a5e2b7b63
- SSDEEP
  
  12288:BiGhMiF/SY8r4lelwRzQQreVcyv533SZSW4yszBD+oJFbSTd4xQC/FIm3:BF+Y8rMelw5az3iZSWmzR5bWyQuIS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2