3ab004eb94aef7dd8ae80a6619a86507f6161c6a102e1f3faa114ff3d3a2c218 | Triage

Sharing

General

Target

89b648751346dba4a9089a84f801a05d
Size

248KB
Sample

240202-rf14maabbr
MD5

89b648751346dba4a9089a84f801a05d
SHA1

1ea7a06e2a0ac3d6c3391bbda697d73b52da3bab
SHA256

3ab004eb94aef7dd8ae80a6619a86507f6161c6a102e1f3faa114ff3d3a2c218
SHA512

3c2dbb2a8595e720262bcbccb068d7e6f5decf46a9a60eadf6d20dfa6161dfc12992e2d1701f105577e31a18c8c979d1b61067ab327db915382e308fd3c8359d
SSDEEP

6144:SdPKzhTpU9R4cOqjlQuIm3U2gTrNZgJumX2G:sKzhTWkc1lQnTuumX2G

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  89b648751346dba4a9089a84f801a05d
- Size
  
  248KB
- MD5
  
  89b648751346dba4a9089a84f801a05d
- SHA1
  
  1ea7a06e2a0ac3d6c3391bbda697d73b52da3bab
- SHA256
  
  3ab004eb94aef7dd8ae80a6619a86507f6161c6a102e1f3faa114ff3d3a2c218
- SHA512
  
  3c2dbb2a8595e720262bcbccb068d7e6f5decf46a9a60eadf6d20dfa6161dfc12992e2d1701f105577e31a18c8c979d1b61067ab327db915382e308fd3c8359d
- SSDEEP
  
  6144:SdPKzhTpU9R4cOqjlQuIm3U2gTrNZgJumX2G:sKzhTWkc1lQnTuumX2G
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence