bbbe0f87f32aa46d3fff7d38a14e18eaafc5da59ad4d116943114a48b9fa2800 | Triage

Sharing

General

Target

63c576b2d0d2232a7020cffec5d72ab0
Size

278KB
Sample

240117-2dl7ssfehj
MD5

63c576b2d0d2232a7020cffec5d72ab0
SHA1

8244042f6024f226aedf351da1f74f523b0c0842
SHA256

bbbe0f87f32aa46d3fff7d38a14e18eaafc5da59ad4d116943114a48b9fa2800
SHA512

07e8a9a655f1e89777e6978fb9fbb16411f9bc9f83b6c555ea16b0bb155f7e58c46c523a43f562ba4e40f387832a09c8152f71222c9a934c6f24950e2c6d6cef
SSDEEP

6144:8jpjHcQIdULzlD3YhvS98AlP4gL9rjRa9nglkDl:GpIWLz/JAk9rjRaNglkR

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  63c576b2d0d2232a7020cffec5d72ab0
- Size
  
  278KB
- MD5
  
  63c576b2d0d2232a7020cffec5d72ab0
- SHA1
  
  8244042f6024f226aedf351da1f74f523b0c0842
- SHA256
  
  bbbe0f87f32aa46d3fff7d38a14e18eaafc5da59ad4d116943114a48b9fa2800
- SHA512
  
  07e8a9a655f1e89777e6978fb9fbb16411f9bc9f83b6c555ea16b0bb155f7e58c46c523a43f562ba4e40f387832a09c8152f71222c9a934c6f24950e2c6d6cef
- SSDEEP
  
  6144:8jpjHcQIdULzlD3YhvS98AlP4gL9rjRa9nglkDl:GpIWLz/JAk9rjRaNglkR
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2