bc347bbdb40ad2db62197b179b4b97ee43550d5da9256e36885b655576b9fc16 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3dd70c1a25aadcd716584f06b99e0816
Size

56KB
Sample

240101-zhy12sadaj
MD5

3dd70c1a25aadcd716584f06b99e0816
SHA1

d3ed24396ca46be81163a519347d15abec4fde3d
SHA256

bc347bbdb40ad2db62197b179b4b97ee43550d5da9256e36885b655576b9fc16
SHA512

00f9e208e582fa2c92cbfade2803baa1758752445d9f43e75651ca6fdabfcd180f118b5f2a407ecd55921bfd5d503a14233e86070bc37baa39433337d177b396
SSDEEP

1536:/p/kAjBt7aq80Us+NJX/yoOphTNgm/gIJt:B/9taxjX/3OpxNdt

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  3dd70c1a25aadcd716584f06b99e0816
- Size
  
  56KB
- MD5
  
  3dd70c1a25aadcd716584f06b99e0816
- SHA1
  
  d3ed24396ca46be81163a519347d15abec4fde3d
- SHA256
  
  bc347bbdb40ad2db62197b179b4b97ee43550d5da9256e36885b655576b9fc16
- SHA512
  
  00f9e208e582fa2c92cbfade2803baa1758752445d9f43e75651ca6fdabfcd180f118b5f2a407ecd55921bfd5d503a14233e86070bc37baa39433337d177b396
- SSDEEP
  
  1536:/p/kAjBt7aq80Us+NJX/yoOphTNgm/gIJt:B/9taxjX/3OpxNdt
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2