4d1ebf0fd6397e770ff092f8781931f14f4494e29b2339e4bd378be2c8beaa90 | Triage

Sharing

General

Target

392b41762958db7204f4f37d581bb9d2
Size

237KB
Sample

231231-rexptadac2
MD5

392b41762958db7204f4f37d581bb9d2
SHA1

00864df18bed9b337605fe1939cc9ec1c6b800cf
SHA256

4d1ebf0fd6397e770ff092f8781931f14f4494e29b2339e4bd378be2c8beaa90
SHA512

aeeb54b5bc10113c3490456f09de71b90e245ecab2992d1a2d7eefb9d2ed5f6fcee71bb396d05529e13fc5fb2beefa5a9cc2697eb2f1943bb65a3d2b126391f5
SSDEEP

6144:CH0bSxwuyU2hQRMjBJBZvogjCuLyCgK2Ru:CHAEwpU2hQmDvvJLz8U

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  392b41762958db7204f4f37d581bb9d2
- Size
  
  237KB
- MD5
  
  392b41762958db7204f4f37d581bb9d2
- SHA1
  
  00864df18bed9b337605fe1939cc9ec1c6b800cf
- SHA256
  
  4d1ebf0fd6397e770ff092f8781931f14f4494e29b2339e4bd378be2c8beaa90
- SHA512
  
  aeeb54b5bc10113c3490456f09de71b90e245ecab2992d1a2d7eefb9d2ed5f6fcee71bb396d05529e13fc5fb2beefa5a9cc2697eb2f1943bb65a3d2b126391f5
- SSDEEP
  
  6144:CH0bSxwuyU2hQRMjBJBZvogjCuLyCgK2Ru:CHAEwpU2hQmDvvJLz8U
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2