19ec4bcf25c8d40751a9763b2a581044b3b9e2b6e3a3f3615c51efe2b53f4f1d | Triage

Sharing

General

Target

15a00d14fdd2f4764054e35e4d7d4dce
Size

332KB
Sample

231230-mbcs1sabb9
MD5

15a00d14fdd2f4764054e35e4d7d4dce
SHA1

010c262ffa2b727c968f17845d825a432db7d93e
SHA256

19ec4bcf25c8d40751a9763b2a581044b3b9e2b6e3a3f3615c51efe2b53f4f1d
SHA512

ceb4c51b128a3e0453c980de19d0693e74e9661424e4591cfa5984b35050f583c9ee45d605205a25d56868a179f920df09cd5dd792423444ec1c5caf84a69f54
SSDEEP

6144:2QMBL1mXDin/MqgTrLk7IL9pKpVQTvS0RhS/Xa6e2Ah2vrn:XMLmX2/MLnkYIqvS+hAKp2AMvz

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  15a00d14fdd2f4764054e35e4d7d4dce
- Size
  
  332KB
- MD5
  
  15a00d14fdd2f4764054e35e4d7d4dce
- SHA1
  
  010c262ffa2b727c968f17845d825a432db7d93e
- SHA256
  
  19ec4bcf25c8d40751a9763b2a581044b3b9e2b6e3a3f3615c51efe2b53f4f1d
- SHA512
  
  ceb4c51b128a3e0453c980de19d0693e74e9661424e4591cfa5984b35050f583c9ee45d605205a25d56868a179f920df09cd5dd792423444ec1c5caf84a69f54
- SSDEEP
  
  6144:2QMBL1mXDin/MqgTrLk7IL9pKpVQTvS0RhS/Xa6e2Ah2vrn:XMLmX2/MLnkYIqvS+hAKp2AMvz
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2