997fe64a148df59ac52957a2048929be0323c8f50b976a8556a8b8ffd4ad9832 | Triage

Sharing

General

Target

9883987c12b185635e879ee7a779f13e
Size

249KB
Sample

240213-ffhrhabe3v
MD5

9883987c12b185635e879ee7a779f13e
SHA1

36ec88435b53151607cc7a5ec70eec97d775f4a8
SHA256

997fe64a148df59ac52957a2048929be0323c8f50b976a8556a8b8ffd4ad9832
SHA512

1fa15228590b4888cc09d867953fa138916997c831151059695721aa6d033d47320caa0a17f5ebb29f0404545774b32d5444d4e1374ce5e692989b57e2a5b274
SSDEEP

6144:cnhb/3N5j3ZkjNceoxgfxsBOi/TIEGJECF8:WhzZkjCeoxgZ+OiLIEOEC

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  9883987c12b185635e879ee7a779f13e
- Size
  
  249KB
- MD5
  
  9883987c12b185635e879ee7a779f13e
- SHA1
  
  36ec88435b53151607cc7a5ec70eec97d775f4a8
- SHA256
  
  997fe64a148df59ac52957a2048929be0323c8f50b976a8556a8b8ffd4ad9832
- SHA512
  
  1fa15228590b4888cc09d867953fa138916997c831151059695721aa6d033d47320caa0a17f5ebb29f0404545774b32d5444d4e1374ce5e692989b57e2a5b274
- SSDEEP
  
  6144:cnhb/3N5j3ZkjNceoxgfxsBOi/TIEGJECF8:WhzZkjCeoxgZ+OiLIEOEC
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2