6bf32a69e43c97be65994a8f24b369eaa85d7f9d194d92cfaad35a9f37bab8ff | Triage

Sharing

General

Target

1d8b98f417340d9b399a5f9f9944b2e3
Size

744KB
Sample

231230-1nyg5shdb5
MD5

1d8b98f417340d9b399a5f9f9944b2e3
SHA1

19e4f629d735ac04504510b3a2d6124e654bf883
SHA256

6bf32a69e43c97be65994a8f24b369eaa85d7f9d194d92cfaad35a9f37bab8ff
SHA512

7247b16bbce7038ec7ee2313cd6356f1da0a8c31cfaa40dde53bddd67fee681b2db2aa334901f7b34898bd42fccd1d7b404f2bdfd6ce01a2106c270786a1d9c4
SSDEEP

12288:vfyDxDV00lo3Oxp88Cy1bFKkEgjRFa92VvABc4czAM6CZdUs:nuxC0lwOxp8K1xNVK2VvAPWOw

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  1d8b98f417340d9b399a5f9f9944b2e3
- Size
  
  744KB
- MD5
  
  1d8b98f417340d9b399a5f9f9944b2e3
- SHA1
  
  19e4f629d735ac04504510b3a2d6124e654bf883
- SHA256
  
  6bf32a69e43c97be65994a8f24b369eaa85d7f9d194d92cfaad35a9f37bab8ff
- SHA512
  
  7247b16bbce7038ec7ee2313cd6356f1da0a8c31cfaa40dde53bddd67fee681b2db2aa334901f7b34898bd42fccd1d7b404f2bdfd6ce01a2106c270786a1d9c4
- SSDEEP
  
  12288:vfyDxDV00lo3Oxp88Cy1bFKkEgjRFa92VvABc4czAM6CZdUs:nuxC0lwOxp8K1xNVK2VvAPWOw
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Sets file execution options in registry
  persistence
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2