992c30fb6592698c55cab1b5f79b935851ffff44fba14fced78509c40adfe590 | Triage

Sharing

General

Target

261bb636d6195f5582ab63a70e8e7c95
Size

247KB
Sample

231231-dt1s5aaeh6
MD5

261bb636d6195f5582ab63a70e8e7c95
SHA1

7e24100595806dfb80f01a238fa1cf2bc5bcad26
SHA256

992c30fb6592698c55cab1b5f79b935851ffff44fba14fced78509c40adfe590
SHA512

d40690046dbdd68e50fdce94799564b118c3795d322afb1ccf03ee3ebc4ca91ff5959e0c29251f21fed261dd6204aa7be7cb5c51998b46debdc7785cb7b28ad8
SSDEEP

6144:LLf7LEIC/+gEYMKd1UGg80wcFPnvt7eaxj7WqK:L77BCGgBd+zPrhvMo7Wq

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  261bb636d6195f5582ab63a70e8e7c95
- Size
  
  247KB
- MD5
  
  261bb636d6195f5582ab63a70e8e7c95
- SHA1
  
  7e24100595806dfb80f01a238fa1cf2bc5bcad26
- SHA256
  
  992c30fb6592698c55cab1b5f79b935851ffff44fba14fced78509c40adfe590
- SHA512
  
  d40690046dbdd68e50fdce94799564b118c3795d322afb1ccf03ee3ebc4ca91ff5959e0c29251f21fed261dd6204aa7be7cb5c51998b46debdc7785cb7b28ad8
- SSDEEP
  
  6144:LLf7LEIC/+gEYMKd1UGg80wcFPnvt7eaxj7WqK:L77BCGgBd+zPrhvMo7Wq
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2