2e8772cbbcc609ebd730db9c9db6588beeed8a418a196cef28a3ca8f7c793e7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

717b24cc51b53a7e9ffd48db5cfe0f1a
Size

81KB
Sample

240124-fdh99abaaq
MD5

717b24cc51b53a7e9ffd48db5cfe0f1a
SHA1

891c3e4615ef4398be6be899e9a6c6215c5d85e1
SHA256

2e8772cbbcc609ebd730db9c9db6588beeed8a418a196cef28a3ca8f7c793e7f
SHA512

7400a5d6b5880742d5d2ed2ad7f61aab329e03d3de3279285ad2d324cc05dfddb85da5965b9e45cccfdf33ec8b3073c0621180e7dd3f30c031484cec0f4b50de
SSDEEP

768:2rFPx8ceViHNaZyiJHFlnjSSO3c1boD9d9rA49U6n1hPLJ890GMkJ5z9o6je4K6S:2ByKNaZXWYEi4K6nPMbLRoMe4KgI

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  717b24cc51b53a7e9ffd48db5cfe0f1a
- Size
  
  81KB
- MD5
  
  717b24cc51b53a7e9ffd48db5cfe0f1a
- SHA1
  
  891c3e4615ef4398be6be899e9a6c6215c5d85e1
- SHA256
  
  2e8772cbbcc609ebd730db9c9db6588beeed8a418a196cef28a3ca8f7c793e7f
- SHA512
  
  7400a5d6b5880742d5d2ed2ad7f61aab329e03d3de3279285ad2d324cc05dfddb85da5965b9e45cccfdf33ec8b3073c0621180e7dd3f30c031484cec0f4b50de
- SSDEEP
  
  768:2rFPx8ceViHNaZyiJHFlnjSSO3c1boD9d9rA49U6n1hPLJ890GMkJ5z9o6je4K6S:2ByKNaZXWYEi4K6nPMbLRoMe4KgI
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2