27f004ed75fb463041d5cbe28c11d0ac7e292bdea2a617904e4e0e73d1b04b50 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0edf8897845530c23b115a69b49fbf9
Size

62KB
Sample

240327-gnd9qaha9t
MD5

e0edf8897845530c23b115a69b49fbf9
SHA1

6098df53a842ec64e94218bbe5c8cced83587a7e
SHA256

27f004ed75fb463041d5cbe28c11d0ac7e292bdea2a617904e4e0e73d1b04b50
SHA512

c592a5fa1e9155b563ce59ae4771dae96eb9ce2886257b207343258ecf9fddc2cba552cc48a3d9f4f202077db5988fb6a0ae42abee8fb9e2f8bbe788e3542931
SSDEEP

1536:D3oVV+I64rPKeoGsJXn2+SRoJ0pE6SXNKDFWXz:A64rSgspwK0tyGO

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  e0edf8897845530c23b115a69b49fbf9
- Size
  
  62KB
- MD5
  
  e0edf8897845530c23b115a69b49fbf9
- SHA1
  
  6098df53a842ec64e94218bbe5c8cced83587a7e
- SHA256
  
  27f004ed75fb463041d5cbe28c11d0ac7e292bdea2a617904e4e0e73d1b04b50
- SHA512
  
  c592a5fa1e9155b563ce59ae4771dae96eb9ce2886257b207343258ecf9fddc2cba552cc48a3d9f4f202077db5988fb6a0ae42abee8fb9e2f8bbe788e3542931
- SSDEEP
  
  1536:D3oVV+I64rPKeoGsJXn2+SRoJ0pE6SXNKDFWXz:A64rSgspwK0tyGO
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2