15ecdd54bce79d35279445d133c8569020712c4ef9a8d3536d40415bea7316a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87e07465ac12df0df6427797afa6f3f1
Size

335KB
Sample

240201-2vgnmsabhm
MD5

87e07465ac12df0df6427797afa6f3f1
SHA1

c38b951ac2a7905569bea30f7b67a569dc0dff5e
SHA256

15ecdd54bce79d35279445d133c8569020712c4ef9a8d3536d40415bea7316a1
SHA512

aeb2deb84812da7a43f4d2ed289645b293700c3748df660266096c232677595446f6a0daa4b4e66cd554279427cf895b428b3a0d5ebacbf983fadb7a52572b55
SSDEEP

6144:dlDTSNsJsYtP0XVDP2j7h+dXM2DAv65gy0xBEXnXjR6k356Yr7QB:dhoitQVrTXoNx0T35tAB

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  87e07465ac12df0df6427797afa6f3f1
- Size
  
  335KB
- MD5
  
  87e07465ac12df0df6427797afa6f3f1
- SHA1
  
  c38b951ac2a7905569bea30f7b67a569dc0dff5e
- SHA256
  
  15ecdd54bce79d35279445d133c8569020712c4ef9a8d3536d40415bea7316a1
- SHA512
  
  aeb2deb84812da7a43f4d2ed289645b293700c3748df660266096c232677595446f6a0daa4b4e66cd554279427cf895b428b3a0d5ebacbf983fadb7a52572b55
- SSDEEP
  
  6144:dlDTSNsJsYtP0XVDP2j7h+dXM2DAv65gy0xBEXnXjR6k356Yr7QB:dhoitQVrTXoNx0T35tAB
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence