673fdd6ecf014ef7523970385191743ab5612f948333cf984407b7ad4e9fb4d6 | Triage

Sharing

General

Target

2d2e4d113505a1061cce4d16162c9aa6
Size

256KB
Sample

231231-h6ylraehhq
MD5

2d2e4d113505a1061cce4d16162c9aa6
SHA1

f74c00981d891d44a4a22139424622bbf33e540f
SHA256

673fdd6ecf014ef7523970385191743ab5612f948333cf984407b7ad4e9fb4d6
SHA512

4290a5eff962aa4cb87d2a7ce24dec9a0dfa7019fc9a9e214ac216da5c880231ed42cf9d0f71f99a8c6cf8f623ced9200b5422c3da43d6e855c8fcfbb918da7d
SSDEEP

6144:WFHT4OJu57Ka5fZi78yh+dErb9yNYXPjyeeKR:u4Ofay78yQdEANCPjneu

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  2d2e4d113505a1061cce4d16162c9aa6
- Size
  
  256KB
- MD5
  
  2d2e4d113505a1061cce4d16162c9aa6
- SHA1
  
  f74c00981d891d44a4a22139424622bbf33e540f
- SHA256
  
  673fdd6ecf014ef7523970385191743ab5612f948333cf984407b7ad4e9fb4d6
- SHA512
  
  4290a5eff962aa4cb87d2a7ce24dec9a0dfa7019fc9a9e214ac216da5c880231ed42cf9d0f71f99a8c6cf8f623ced9200b5422c3da43d6e855c8fcfbb918da7d
- SSDEEP
  
  6144:WFHT4OJu57Ka5fZi78yh+dErb9yNYXPjyeeKR:u4Ofay78yQdEANCPjneu
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2