ec771427b49936dedbd2f9537d674403b1dc1f412a975aa28a7a7ca2c58bf60a | Triage

Sharing

General

Target

4789fbb1fed43018a41ec55db5eb570c
Size

55KB
Sample

240107-anef6accc2
MD5

4789fbb1fed43018a41ec55db5eb570c
SHA1

0b652bca4f3f054ead04b56609df897c0137fb03
SHA256

ec771427b49936dedbd2f9537d674403b1dc1f412a975aa28a7a7ca2c58bf60a
SHA512

876a52b1981262481fe4704be8e8b17d610d8d88b14adc1be330d5b10eb76d91b07109575b2750c0f620f95d608fe628b6ab1c3e0a49cb23ff2f2869b3e2a2f0
SSDEEP

1536:tYZANK7y1nMmvgPNB+MeLhJlk+fVWGkzVUYE:qwKmVxoPNB+3LXq+fVWGkLE

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  4789fbb1fed43018a41ec55db5eb570c
- Size
  
  55KB
- MD5
  
  4789fbb1fed43018a41ec55db5eb570c
- SHA1
  
  0b652bca4f3f054ead04b56609df897c0137fb03
- SHA256
  
  ec771427b49936dedbd2f9537d674403b1dc1f412a975aa28a7a7ca2c58bf60a
- SHA512
  
  876a52b1981262481fe4704be8e8b17d610d8d88b14adc1be330d5b10eb76d91b07109575b2750c0f620f95d608fe628b6ab1c3e0a49cb23ff2f2869b3e2a2f0
- SSDEEP
  
  1536:tYZANK7y1nMmvgPNB+MeLhJlk+fVWGkzVUYE:qwKmVxoPNB+3LXq+fVWGkLE
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2