263f626328b872985dd8839942eed9401dec0db6196052bff5c30286d2dd5d99 | Triage

Sharing

General

Target

95a34321e790feaa5eb52be7407a6b78
Size

245KB
Sample

240206-2k27labgdl
MD5

95a34321e790feaa5eb52be7407a6b78
SHA1

17ab8f6c2952544475fd3d3907b083fe950e3694
SHA256

263f626328b872985dd8839942eed9401dec0db6196052bff5c30286d2dd5d99
SHA512

7b469d892d481924302be8c9e66771bfe5db89e4ee168de49a7ee26133c97b432abb1c17d7b4262307a6dfaa3f862562267fa448c92b557982e1db8ddaa0287e
SSDEEP

6144:UA4nSSpKnK7b+1Czdh3/0VZ494C78ELJfdjy:D4nBoKvDzz8VvgJF1jy

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  95a34321e790feaa5eb52be7407a6b78
- Size
  
  245KB
- MD5
  
  95a34321e790feaa5eb52be7407a6b78
- SHA1
  
  17ab8f6c2952544475fd3d3907b083fe950e3694
- SHA256
  
  263f626328b872985dd8839942eed9401dec0db6196052bff5c30286d2dd5d99
- SHA512
  
  7b469d892d481924302be8c9e66771bfe5db89e4ee168de49a7ee26133c97b432abb1c17d7b4262307a6dfaa3f862562267fa448c92b557982e1db8ddaa0287e
- SSDEEP
  
  6144:UA4nSSpKnK7b+1Czdh3/0VZ494C78ELJfdjy:D4nBoKvDzz8VvgJF1jy
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2