0d17c1b7ac57d9ef3b84b7c601cec5c593f87d49d0c6ca6ea49bb0e2c01caccb | Triage

Sharing

General

Target

2a057c89b1d96ced1724c089b154753b
Size

255KB
Sample

231231-f6fptsdhak
MD5

2a057c89b1d96ced1724c089b154753b
SHA1

db2e2e72c8f4670a9e4bf4c9a743dcda2510d000
SHA256

0d17c1b7ac57d9ef3b84b7c601cec5c593f87d49d0c6ca6ea49bb0e2c01caccb
SHA512

ede01cedd3c9aebfd4e8167a873f59039b06b508e492f3def498afd1902017c5f6ccc89bd8e9a8fa78e996d855af39f9befe4e55b0d71e7f97b6999f14e67202
SSDEEP

6144:e/jyywaV4meKBMqiehW00g4KjsZPyO/2PeKwoCyO1P2+Mau:8jMajedqiWz0gFO/VBTfHu

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2a057c89b1d96ced1724c089b154753b
- Size
  
  255KB
- MD5
  
  2a057c89b1d96ced1724c089b154753b
- SHA1
  
  db2e2e72c8f4670a9e4bf4c9a743dcda2510d000
- SHA256
  
  0d17c1b7ac57d9ef3b84b7c601cec5c593f87d49d0c6ca6ea49bb0e2c01caccb
- SHA512
  
  ede01cedd3c9aebfd4e8167a873f59039b06b508e492f3def498afd1902017c5f6ccc89bd8e9a8fa78e996d855af39f9befe4e55b0d71e7f97b6999f14e67202
- SSDEEP
  
  6144:e/jyywaV4meKBMqiehW00g4KjsZPyO/2PeKwoCyO1P2+Mau:8jMajedqiWz0gFO/VBTfHu
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2