c9113d59f62469218952967fb4b007199182241e4aa8fc593b8af7415a4c97db | Triage

Sharing

General

Target

7648837c1662a2aa04dfe9445a38fe38
Size

281KB
Sample

240126-d6j15seegm
MD5

7648837c1662a2aa04dfe9445a38fe38
SHA1

57bf107c518134d20b482bd16d26e0d3e9237b3d
SHA256

c9113d59f62469218952967fb4b007199182241e4aa8fc593b8af7415a4c97db
SHA512

be0e340b7d44fc4b94c18c47acb479952675825734009ddee9447513fe1eceefc13216940aa992d1b6e2c63c1c856c7be5346a867c1dfd5e6fbbf12979d55914
SSDEEP

6144:cA6W7hZWRuuMrkNw2KQU1uJQIfvYmziFMm8LXoBmbOhFUI5Au:chW7r7rkieUUBfvChUXmmbqKt

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  7648837c1662a2aa04dfe9445a38fe38
- Size
  
  281KB
- MD5
  
  7648837c1662a2aa04dfe9445a38fe38
- SHA1
  
  57bf107c518134d20b482bd16d26e0d3e9237b3d
- SHA256
  
  c9113d59f62469218952967fb4b007199182241e4aa8fc593b8af7415a4c97db
- SHA512
  
  be0e340b7d44fc4b94c18c47acb479952675825734009ddee9447513fe1eceefc13216940aa992d1b6e2c63c1c856c7be5346a867c1dfd5e6fbbf12979d55914
- SSDEEP
  
  6144:cA6W7hZWRuuMrkNw2KQU1uJQIfvYmziFMm8LXoBmbOhFUI5Au:chW7r7rkieUUBfvChUXmmbqKt
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2