6324a3ae7be406da03c391a83c0562d438c62a1cbed0d2fcbe0e2a1144ab7e84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5b5fc6fddcfec0860d29558ac2bc8f7
Size

226KB
Sample

240319-kt5weafd66
MD5

d5b5fc6fddcfec0860d29558ac2bc8f7
SHA1

2d3ffedd820f8039e8705a7c108c98fcdc644f17
SHA256

6324a3ae7be406da03c391a83c0562d438c62a1cbed0d2fcbe0e2a1144ab7e84
SHA512

0dfe4d7a55454ddcbec1e8c8ac981933ec1f5eb9e8ce42eb74caaf221d42ea5d77dc99492e9b5c9d20818bce081a12685b3a3a7e2f5025416d36f07ea76a6374
SSDEEP

6144:iBRT6zO0Q6zmTBy4/BbBVp/Qnxn6byocKIWCW:D5UL4nxnGcLTW

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  d5b5fc6fddcfec0860d29558ac2bc8f7
- Size
  
  226KB
- MD5
  
  d5b5fc6fddcfec0860d29558ac2bc8f7
- SHA1
  
  2d3ffedd820f8039e8705a7c108c98fcdc644f17
- SHA256
  
  6324a3ae7be406da03c391a83c0562d438c62a1cbed0d2fcbe0e2a1144ab7e84
- SHA512
  
  0dfe4d7a55454ddcbec1e8c8ac981933ec1f5eb9e8ce42eb74caaf221d42ea5d77dc99492e9b5c9d20818bce081a12685b3a3a7e2f5025416d36f07ea76a6374
- SSDEEP
  
  6144:iBRT6zO0Q6zmTBy4/BbBVp/Qnxn6byocKIWCW:D5UL4nxnGcLTW
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2