88d29243b5d3b7a8b740b43f635c2ed7203d1e8d2be4703dab569c808536323d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7f8fb737114bee92da223d245cba72fa
Size

486KB
Sample

240129-l5f7vsghbl
MD5

7f8fb737114bee92da223d245cba72fa
SHA1

c2f26d7d64a4cdca30cd4047a9a7276ff1262e7f
SHA256

88d29243b5d3b7a8b740b43f635c2ed7203d1e8d2be4703dab569c808536323d
SHA512

bfa86020469d16f54f695ae73fb7782193af0ca3524a9c6badb53dff4c86cd1395c9494de979c0d751ff44f45e71d8a517b3da5ca0757b193f7427cb5a14f3df
SSDEEP

6144:IvtbG8p28MzRSf/1GSmbtanDVxplj+AbTJK9z50zkoHaDS0p/h9FpWhfajs6z4h:IvpFERY1GHbwV3T+KZHFG/h9FQhCALh

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  7f8fb737114bee92da223d245cba72fa
- Size
  
  486KB
- MD5
  
  7f8fb737114bee92da223d245cba72fa
- SHA1
  
  c2f26d7d64a4cdca30cd4047a9a7276ff1262e7f
- SHA256
  
  88d29243b5d3b7a8b740b43f635c2ed7203d1e8d2be4703dab569c808536323d
- SHA512
  
  bfa86020469d16f54f695ae73fb7782193af0ca3524a9c6badb53dff4c86cd1395c9494de979c0d751ff44f45e71d8a517b3da5ca0757b193f7427cb5a14f3df
- SSDEEP
  
  6144:IvtbG8p28MzRSf/1GSmbtanDVxplj+AbTJK9z50zkoHaDS0p/h9FpWhfajs6z4h:IvpFERY1GHbwV3T+KZHFG/h9FQhCALh
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2