e5bc560b9bdf170987a9e2685066e7be8b991eae88c52056d183cef03aa2b456 | Triage

Sharing

General

Target

d6ec11231cb035674c0d1f98fcf84db2
Size

261KB
Sample

240319-x3jqrach34
MD5

d6ec11231cb035674c0d1f98fcf84db2
SHA1

e5c340d770e4cc958d1bab56f7f8d6ed0af2dcf5
SHA256

e5bc560b9bdf170987a9e2685066e7be8b991eae88c52056d183cef03aa2b456
SHA512

820e8840bc2c6c6a331a8a5a692f2be3c16ecb5eadbe7aa3ea74ed5c43698a72db7ba1f6bd47f79180a637458e1289c5b9a2102a60bdd6a1ccbd5d9fc49014ac
SSDEEP

6144:fV1yEtgWvWZryFwTnAls4pTnRQb5288x5jcPOep:fV1BRWgFwTnl4+5Ex5cPjp

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  d6ec11231cb035674c0d1f98fcf84db2
- Size
  
  261KB
- MD5
  
  d6ec11231cb035674c0d1f98fcf84db2
- SHA1
  
  e5c340d770e4cc958d1bab56f7f8d6ed0af2dcf5
- SHA256
  
  e5bc560b9bdf170987a9e2685066e7be8b991eae88c52056d183cef03aa2b456
- SHA512
  
  820e8840bc2c6c6a331a8a5a692f2be3c16ecb5eadbe7aa3ea74ed5c43698a72db7ba1f6bd47f79180a637458e1289c5b9a2102a60bdd6a1ccbd5d9fc49014ac
- SSDEEP
  
  6144:fV1yEtgWvWZryFwTnAls4pTnRQb5288x5jcPOep:fV1BRWgFwTnl4+5Ex5cPjp
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2