cc1879bbd8f4c99007961c1d9dda24a57d10d4cba0edeb2b4734e709259d6cb7 | Triage

Sharing

General

Target

212ad48783f5d894386a5172672de1d0_NEIKI
Size

576KB
Sample

240508-j15csadc92
MD5

212ad48783f5d894386a5172672de1d0
SHA1

5c547a6a92db7c3ca3d6382711a7662efab53beb
SHA256

cc1879bbd8f4c99007961c1d9dda24a57d10d4cba0edeb2b4734e709259d6cb7
SHA512

5060a0b3e251f478e6cab07145ff606395c681652d0f80f23ef927aeecd04847a853a9442a3ee4abf0a1ee0ae677bcf94829f38740909015ff01685447b691da
SSDEEP

12288:PmWhND9yJz+b1FcMLmp2ATTSsdxmWhND9yJz+b1FcMLmpG:PmUNJyJqb1FcMap2ATT5rmUNJyJqb1Fl

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  212ad48783f5d894386a5172672de1d0_NEIKI
- Size
  
  576KB
- MD5
  
  212ad48783f5d894386a5172672de1d0
- SHA1
  
  5c547a6a92db7c3ca3d6382711a7662efab53beb
- SHA256
  
  cc1879bbd8f4c99007961c1d9dda24a57d10d4cba0edeb2b4734e709259d6cb7
- SHA512
  
  5060a0b3e251f478e6cab07145ff606395c681652d0f80f23ef927aeecd04847a853a9442a3ee4abf0a1ee0ae677bcf94829f38740909015ff01685447b691da
- SSDEEP
  
  12288:PmWhND9yJz+b1FcMLmp2ATTSsdxmWhND9yJz+b1FcMLmpG:PmUNJyJqb1FcMap2ATT5rmUNJyJqb1Fl
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2