600aae5f881be2f0a6c772aca4e4fb9174c78f77d748372921641c27bdce9b59 | Triage

Sharing

General

Target

2773059191dfc07b766a7919db20c22f
Size

75KB
Sample

231231-en3afaffbm
MD5

2773059191dfc07b766a7919db20c22f
SHA1

542a881c9267a274f076cb6200087f2fc85e2a03
SHA256

600aae5f881be2f0a6c772aca4e4fb9174c78f77d748372921641c27bdce9b59
SHA512

8a84d70585ec42108adea562514947a23882438dffe8f7074f95bad95e83479fceff02c675499b0f7bcb0ca46d3d14091cfa5c2d8ffb174ada43b02d6a53299e
SSDEEP

1536:YbzX899aqM8/wZGccL9DQHl45XWqlXtXp:YbzXaakoHchDQHlY3

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  2773059191dfc07b766a7919db20c22f
- Size
  
  75KB
- MD5
  
  2773059191dfc07b766a7919db20c22f
- SHA1
  
  542a881c9267a274f076cb6200087f2fc85e2a03
- SHA256
  
  600aae5f881be2f0a6c772aca4e4fb9174c78f77d748372921641c27bdce9b59
- SHA512
  
  8a84d70585ec42108adea562514947a23882438dffe8f7074f95bad95e83479fceff02c675499b0f7bcb0ca46d3d14091cfa5c2d8ffb174ada43b02d6a53299e
- SSDEEP
  
  1536:YbzX899aqM8/wZGccL9DQHl45XWqlXtXp:YbzXaakoHchDQHlY3
Score

6^/10

persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2