ff1caada5738fcb6cd6e4e83841e2bdfe49cbf767d7d4d6f1fd437e56b702a89 | Triage

Sharing

General

Target

996887ad773945a7884931c5f1ff5c94
Size

61KB
Sample

240213-pgvbcshd9z
MD5

996887ad773945a7884931c5f1ff5c94
SHA1

bbe87a1764221a20f8f35b4291ddb5cce7a8f468
SHA256

ff1caada5738fcb6cd6e4e83841e2bdfe49cbf767d7d4d6f1fd437e56b702a89
SHA512

7ec3b233032423ce0d09dbb23b31af24f82469b07e0ff11b728bcbc3e22bf95e829a14565fe8b8199d461ed431f3b2d19146ff8cf934c92fb2eb650266a0dfaa
SSDEEP

1536:B4lqiNHnPSMQQ+Z45SNTxdBlsZr48ECzJP0xBt7haC:GaMQ/7NdrlxaFPkt9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  996887ad773945a7884931c5f1ff5c94
- Size
  
  61KB
- MD5
  
  996887ad773945a7884931c5f1ff5c94
- SHA1
  
  bbe87a1764221a20f8f35b4291ddb5cce7a8f468
- SHA256
  
  ff1caada5738fcb6cd6e4e83841e2bdfe49cbf767d7d4d6f1fd437e56b702a89
- SHA512
  
  7ec3b233032423ce0d09dbb23b31af24f82469b07e0ff11b728bcbc3e22bf95e829a14565fe8b8199d461ed431f3b2d19146ff8cf934c92fb2eb650266a0dfaa
- SSDEEP
  
  1536:B4lqiNHnPSMQQ+Z45SNTxdBlsZr48ECzJP0xBt7haC:GaMQ/7NdrlxaFPkt9
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence