d7e0574a1d81309b78bea7cf80cc5f64c02907a4e99c41072f3fcc9c4e954456 | Triage

Sharing

General

Target

d7e0574a1d81309b78bea7cf80cc5f64c02907a4e99c41072f3fcc9c4e954456
Size

375KB
Sample

240425-eh8j9seg96
MD5

41facb5835ba375de367e4af7e16b06a
SHA1

6415609de5192e59d766fe2778b63e32b50fcee5
SHA256

d7e0574a1d81309b78bea7cf80cc5f64c02907a4e99c41072f3fcc9c4e954456
SHA512

489e391557432d1711aefdbe0c8b19930f71f1f50e741947f8ffc6e1348512fdea7c08e872a60447763c1f0dfd80dd9c58f92626f18801451c511e595037c134
SSDEEP

6144:83EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9Eij:3mWhND9yJz+b1FcMLmp2ATTSsdj

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  d7e0574a1d81309b78bea7cf80cc5f64c02907a4e99c41072f3fcc9c4e954456
- Size
  
  375KB
- MD5
  
  41facb5835ba375de367e4af7e16b06a
- SHA1
  
  6415609de5192e59d766fe2778b63e32b50fcee5
- SHA256
  
  d7e0574a1d81309b78bea7cf80cc5f64c02907a4e99c41072f3fcc9c4e954456
- SHA512
  
  489e391557432d1711aefdbe0c8b19930f71f1f50e741947f8ffc6e1348512fdea7c08e872a60447763c1f0dfd80dd9c58f92626f18801451c511e595037c134
- SSDEEP
  
  6144:83EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9Eij:3mWhND9yJz+b1FcMLmp2ATTSsdj
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2