856166b6445415c6dfa476171b1295b91853a68ed81cedc690e836aba28633d0 | Triage

Sharing

General

Target

ce14ae14aca5c20c7c2120944d709c4b
Size

252KB
Sample

240316-pt2afadb69
MD5

ce14ae14aca5c20c7c2120944d709c4b
SHA1

386fc157b9782d7a7da94575558508f6793dfb53
SHA256

856166b6445415c6dfa476171b1295b91853a68ed81cedc690e836aba28633d0
SHA512

3098017f1e40df98f8a46ddb48b06550ff83adac2e9ddb43d996446f478ff7841fd268780ac5f2eee1e1407813c9d58280cdc396b03c3e54cc659230fc3e30c9
SSDEEP

6144:9hEBeRyGESBHIn4twz9I0Ys/RJV/4pPr3VPIYr++YEAAAQcp5hA:9KM9jBHI46zDJV/0zVPNOQc/u

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ce14ae14aca5c20c7c2120944d709c4b
- Size
  
  252KB
- MD5
  
  ce14ae14aca5c20c7c2120944d709c4b
- SHA1
  
  386fc157b9782d7a7da94575558508f6793dfb53
- SHA256
  
  856166b6445415c6dfa476171b1295b91853a68ed81cedc690e836aba28633d0
- SHA512
  
  3098017f1e40df98f8a46ddb48b06550ff83adac2e9ddb43d996446f478ff7841fd268780ac5f2eee1e1407813c9d58280cdc396b03c3e54cc659230fc3e30c9
- SSDEEP
  
  6144:9hEBeRyGESBHIn4twz9I0Ys/RJV/4pPr3VPIYr++YEAAAQcp5hA:9KM9jBHI46zDJV/0zVPNOQc/u
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2