777e5668ddbca7ac83cd060c7d439b77ac2c478d56ea4e54a495f035466b5e8b | Triage

Sharing

General

Target

0d3864ad40a03d360c6d8cd3d576683e
Size

243KB
Sample

231230-d7kdasgbf9
MD5

0d3864ad40a03d360c6d8cd3d576683e
SHA1

75c107e3d60e4092fd6b615a306276da2896ee91
SHA256

777e5668ddbca7ac83cd060c7d439b77ac2c478d56ea4e54a495f035466b5e8b
SHA512

f27592b9128ec74f3d7d39d196f08c996dc23a1b4d41407b89442b7fcda2faf4fe66b39d99f51067ce22a9556977ea0bf8471bb4036f924b75d10b9b7fb42b0c
SSDEEP

6144:K0sL59fW/FhMzWxK35o4PGMlYZWe9wz2ZHOSNUknAlsHMT2XlW:K0srfiFlxK35o4PGMEWjzwHnUH+lW

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  0d3864ad40a03d360c6d8cd3d576683e
- Size
  
  243KB
- MD5
  
  0d3864ad40a03d360c6d8cd3d576683e
- SHA1
  
  75c107e3d60e4092fd6b615a306276da2896ee91
- SHA256
  
  777e5668ddbca7ac83cd060c7d439b77ac2c478d56ea4e54a495f035466b5e8b
- SHA512
  
  f27592b9128ec74f3d7d39d196f08c996dc23a1b4d41407b89442b7fcda2faf4fe66b39d99f51067ce22a9556977ea0bf8471bb4036f924b75d10b9b7fb42b0c
- SSDEEP
  
  6144:K0sL59fW/FhMzWxK35o4PGMlYZWe9wz2ZHOSNUknAlsHMT2XlW:K0srfiFlxK35o4PGMEWjzwHnUH+lW
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2