0ace1841939b63f43f033ab096b61846f373b359d9c927096752d88c437bcbb6 | Triage

Sharing

General

Target

VirusShare_15b406601992e80b9f5a22448a7df1f2
Size

58KB
Sample

240204-tkcb6sfhar
MD5

15b406601992e80b9f5a22448a7df1f2
SHA1

5213baac74fd04cdd846efb1656cd70a423d130d
SHA256

0ace1841939b63f43f033ab096b61846f373b359d9c927096752d88c437bcbb6
SHA512

10ad5e8047a459569d0ac3baeb3db414a6459a0222b65e4bbb39c45eba01fa59679f5d2fc785eafd53a35f5d01f7261d8bbd4f5ecd019b1401ad69d260279b85
SSDEEP

1536:p3kwY3zkrGpVKMZKpJFyO6tXp3EoIDQ4KSk:p32JK0SFb6tXW7CS

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  VirusShare_15b406601992e80b9f5a22448a7df1f2
- Size
  
  58KB
- MD5
  
  15b406601992e80b9f5a22448a7df1f2
- SHA1
  
  5213baac74fd04cdd846efb1656cd70a423d130d
- SHA256
  
  0ace1841939b63f43f033ab096b61846f373b359d9c927096752d88c437bcbb6
- SHA512
  
  10ad5e8047a459569d0ac3baeb3db414a6459a0222b65e4bbb39c45eba01fa59679f5d2fc785eafd53a35f5d01f7261d8bbd4f5ecd019b1401ad69d260279b85
- SSDEEP
  
  1536:p3kwY3zkrGpVKMZKpJFyO6tXp3EoIDQ4KSk:p32JK0SFb6tXW7CS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2