2bae7e7dbc62a5f31973addb4641dc94ba06b0181f35d240a745dbb3bae28610 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bce67b4a22e1c0c2b292eb0144b22e50
Size

271KB
Sample

240309-1sw5wabg26
MD5

bce67b4a22e1c0c2b292eb0144b22e50
SHA1

84d8648001806f07237a5f9cefc413b74b38856c
SHA256

2bae7e7dbc62a5f31973addb4641dc94ba06b0181f35d240a745dbb3bae28610
SHA512

83a58f48524a5d4520ffd67296ed64bc95b4b1f0b17cee97e5920053e0199e12604b8a0fd7022ff5edcf5301b43da63d43b8381c50d1f24c289c9fa644125e0a
SSDEEP

6144:O0vsSRYQsNWZae/vy+C3ppgktHG+s7Osqx3TG:hEgYVnbZbHGPOsqFTG

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  bce67b4a22e1c0c2b292eb0144b22e50
- Size
  
  271KB
- MD5
  
  bce67b4a22e1c0c2b292eb0144b22e50
- SHA1
  
  84d8648001806f07237a5f9cefc413b74b38856c
- SHA256
  
  2bae7e7dbc62a5f31973addb4641dc94ba06b0181f35d240a745dbb3bae28610
- SHA512
  
  83a58f48524a5d4520ffd67296ed64bc95b4b1f0b17cee97e5920053e0199e12604b8a0fd7022ff5edcf5301b43da63d43b8381c50d1f24c289c9fa644125e0a
- SSDEEP
  
  6144:O0vsSRYQsNWZae/vy+C3ppgktHG+s7Osqx3TG:hEgYVnbZbHGPOsqFTG
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2