4ff24f30cb031f75ba93c51a8604cdf90c8b112bd848df84c991713b5d5d3078 | Triage

Sharing

General

Target

6bf1f9b0bb08ae83980cf8d36728960f
Size

254KB
Sample

240121-bchj4sbfap
MD5

6bf1f9b0bb08ae83980cf8d36728960f
SHA1

85315cb047b5f480dead9cec00808af736c461d0
SHA256

4ff24f30cb031f75ba93c51a8604cdf90c8b112bd848df84c991713b5d5d3078
SHA512

ab3ba9b2a8cbb4fda04f0204ad01ab55c4ffa98547177b6ece0161fb790d8c8b37ab2c1252bafd74a4f7c0d372fa1717b78ff18e278662b3e5e643dfbc7e6a3f
SSDEEP

6144:haF5DXU2maEPKJnocyEzMEGH+BhZJm38TYouT:s7DXAFCucNAEvrTT

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  6bf1f9b0bb08ae83980cf8d36728960f
- Size
  
  254KB
- MD5
  
  6bf1f9b0bb08ae83980cf8d36728960f
- SHA1
  
  85315cb047b5f480dead9cec00808af736c461d0
- SHA256
  
  4ff24f30cb031f75ba93c51a8604cdf90c8b112bd848df84c991713b5d5d3078
- SHA512
  
  ab3ba9b2a8cbb4fda04f0204ad01ab55c4ffa98547177b6ece0161fb790d8c8b37ab2c1252bafd74a4f7c0d372fa1717b78ff18e278662b3e5e643dfbc7e6a3f
- SSDEEP
  
  6144:haF5DXU2maEPKJnocyEzMEGH+BhZJm38TYouT:s7DXAFCucNAEvrTT
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2