89f3aad42602c38257524952b41ec7a048a9f4844fe0cd1f0fa2054c732514ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bba94079c0ac7b666196e69500b9d672
Size

240KB
Sample

240308-tdxdrsbh7x
MD5

bba94079c0ac7b666196e69500b9d672
SHA1

6f36468c74591936412813a8facb7ae946a4304d
SHA256

89f3aad42602c38257524952b41ec7a048a9f4844fe0cd1f0fa2054c732514ab
SHA512

c10769486982e84873d6ffe342600dc40d0210d2544809ab04130a85c363f4263f73859c570bcfd9ddfa22ad4b5f5f456ca9f6d7483e8116d58407beb2330860
SSDEEP

6144:CINOykEXqybgUKFMDfI7phg2J6AOsRVreU8p:Db/1KmDQ7p62/OsDr98

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  bba94079c0ac7b666196e69500b9d672
- Size
  
  240KB
- MD5
  
  bba94079c0ac7b666196e69500b9d672
- SHA1
  
  6f36468c74591936412813a8facb7ae946a4304d
- SHA256
  
  89f3aad42602c38257524952b41ec7a048a9f4844fe0cd1f0fa2054c732514ab
- SHA512
  
  c10769486982e84873d6ffe342600dc40d0210d2544809ab04130a85c363f4263f73859c570bcfd9ddfa22ad4b5f5f456ca9f6d7483e8116d58407beb2330860
- SSDEEP
  
  6144:CINOykEXqybgUKFMDfI7phg2J6AOsRVreU8p:Db/1KmDQ7p62/OsDr98
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2