2ad5b1e9fc6f02949b2cd85fa2564477aa554618d1a80cd82f23663a671f5651 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4f9998107d6aa7bfd23ac8844ed1cc0_NEIKI
Size

151KB
Sample

240508-dnfk1aff3t
MD5

b4f9998107d6aa7bfd23ac8844ed1cc0
SHA1

391e973cd1ac7680878eef8fbd746ba56d8998ba
SHA256

2ad5b1e9fc6f02949b2cd85fa2564477aa554618d1a80cd82f23663a671f5651
SHA512

b1787ab419cc56d1bb6759d9f8e68710b1960626bf2864f009f0fdb4a3d16a6bbe81854df11cfe61e608c72eb74c1cebfd09af0559cc6c92eb8d8749357a1dda
SSDEEP

3072:Eo5sRbO6SBgTCPZ0W1f8zEXahv0bX+m6SLXULDWaPXpyq0p2:Eo5sRbO6STPLRahvS+YXUXWa

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b4f9998107d6aa7bfd23ac8844ed1cc0_NEIKI
- Size
  
  151KB
- MD5
  
  b4f9998107d6aa7bfd23ac8844ed1cc0
- SHA1
  
  391e973cd1ac7680878eef8fbd746ba56d8998ba
- SHA256
  
  2ad5b1e9fc6f02949b2cd85fa2564477aa554618d1a80cd82f23663a671f5651
- SHA512
  
  b1787ab419cc56d1bb6759d9f8e68710b1960626bf2864f009f0fdb4a3d16a6bbe81854df11cfe61e608c72eb74c1cebfd09af0559cc6c92eb8d8749357a1dda
- SSDEEP
  
  3072:Eo5sRbO6SBgTCPZ0W1f8zEXahv0bX+m6SLXULDWaPXpyq0p2:Eo5sRbO6STPLRahvS+YXUXWa
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2