5152c064cd31273a82ce31e6ac60851b2c9f71d12f5251db3ca58f25edbeea6b | Triage

Sharing

General

Target

b980145d888b56c6bf52c6c9332098ce
Size

128KB
Sample

240307-yg4z8scc47
MD5

b980145d888b56c6bf52c6c9332098ce
SHA1

3b445171c8f5568d1b1c814870333c7813430b5e
SHA256

5152c064cd31273a82ce31e6ac60851b2c9f71d12f5251db3ca58f25edbeea6b
SHA512

64d8ef065988c0903f73822d003c696ec35f61b71c7f42131a38068c238c05c14333a9bf39d06140aa4df16cb809bfd3d70596963e83643c57a685344ca6ab54
SSDEEP

3072:rhY8WFCZbPwrjpl+8X3oOcMJ0OYNAKiJ37k:rhYGSf1X3vc83k

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b980145d888b56c6bf52c6c9332098ce
- Size
  
  128KB
- MD5
  
  b980145d888b56c6bf52c6c9332098ce
- SHA1
  
  3b445171c8f5568d1b1c814870333c7813430b5e
- SHA256
  
  5152c064cd31273a82ce31e6ac60851b2c9f71d12f5251db3ca58f25edbeea6b
- SHA512
  
  64d8ef065988c0903f73822d003c696ec35f61b71c7f42131a38068c238c05c14333a9bf39d06140aa4df16cb809bfd3d70596963e83643c57a685344ca6ab54
- SSDEEP
  
  3072:rhY8WFCZbPwrjpl+8X3oOcMJ0OYNAKiJ37k:rhYGSf1X3vc83k
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2