33bd4d59ba1288db3680d2539ac5cff725741f7a075a9433a9312a7db931cc89 | Triage

Sharing

General

Target

0acdbf6b25a91c5f4893e400e65e0496
Size

244KB
Sample

231230-cb6qzseghr
MD5

0acdbf6b25a91c5f4893e400e65e0496
SHA1

286543197ef5eab99694c4fdc9d809acb8ddfbf7
SHA256

33bd4d59ba1288db3680d2539ac5cff725741f7a075a9433a9312a7db931cc89
SHA512

588a08b822a87be0b5c4bf281113c29612f62447037df625d6a98620ad8cc3b2112566e31bf58b9807695b66d0d3e08a2534f5a5fc21ea23a2edb2183d25e23b
SSDEEP

3072:SH8cRYc70fvbtCiqTf0dYTaMd4fh6FDGeTWXXCwu6Jw7WmXSHAXgamyPDbM:SHTH0fv5dyDxYCwu6mH2AX1DM

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0acdbf6b25a91c5f4893e400e65e0496
- Size
  
  244KB
- MD5
  
  0acdbf6b25a91c5f4893e400e65e0496
- SHA1
  
  286543197ef5eab99694c4fdc9d809acb8ddfbf7
- SHA256
  
  33bd4d59ba1288db3680d2539ac5cff725741f7a075a9433a9312a7db931cc89
- SHA512
  
  588a08b822a87be0b5c4bf281113c29612f62447037df625d6a98620ad8cc3b2112566e31bf58b9807695b66d0d3e08a2534f5a5fc21ea23a2edb2183d25e23b
- SSDEEP
  
  3072:SH8cRYc70fvbtCiqTf0dYTaMd4fh6FDGeTWXXCwu6Jw7WmXSHAXgamyPDbM:SHTH0fv5dyDxYCwu6mH2AX1DM
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2