35efd6e55c007cb23d1dbdad8739fc2168b5b922f54b2dadbc413e5eb31decc5 | Triage

Sharing

General

Target

744695826257863c7567c820c4c6e8c0
Size

281KB
Sample

240125-kx6bcadbgk
MD5

744695826257863c7567c820c4c6e8c0
SHA1

1ed6df7ec410eb9035049e341fbcedb7d60928b9
SHA256

35efd6e55c007cb23d1dbdad8739fc2168b5b922f54b2dadbc413e5eb31decc5
SHA512

3dd3fdab83d147023122bb887f4065c182dd7d338fa6dba17932b54d24a4d68cd6289f6d365e1fbfb8940e3658bef2b050a8207c9afd2447e571d7a6759985ac
SSDEEP

6144:cA6W7hZWRquMrkNw2KQU1uJQIfvYmziFMm8LXoBmbOhFUI5Au:chW7r3rkieUUBfvChUXmmbqKt

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  744695826257863c7567c820c4c6e8c0
- Size
  
  281KB
- MD5
  
  744695826257863c7567c820c4c6e8c0
- SHA1
  
  1ed6df7ec410eb9035049e341fbcedb7d60928b9
- SHA256
  
  35efd6e55c007cb23d1dbdad8739fc2168b5b922f54b2dadbc413e5eb31decc5
- SHA512
  
  3dd3fdab83d147023122bb887f4065c182dd7d338fa6dba17932b54d24a4d68cd6289f6d365e1fbfb8940e3658bef2b050a8207c9afd2447e571d7a6759985ac
- SSDEEP
  
  6144:cA6W7hZWRquMrkNw2KQU1uJQIfvYmziFMm8LXoBmbOhFUI5Au:chW7r3rkieUUBfvChUXmmbqKt
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2