8278337660fa2460d7664cedef6f6a7b9eb4a6b14956a074e1b467550fe23ef8 | Triage

Sharing

General

Target

sample
Size

19KB
Sample

240517-qagblaab4x
MD5

8c0b2721020d3eedb6e5d9c21bdcd53d
SHA1

1bd71ad7eede70b76c7c107122bbb6a561d7df96
SHA256

8278337660fa2460d7664cedef6f6a7b9eb4a6b14956a074e1b467550fe23ef8
SHA512

4409ab5cbc6bd01c8a54da3aecca93273cdf322036f5641e74de6236d744762b0563efd90724bd7681b9f50cb9b1e1550fe5b5497dc2b9c8878261d9016b108b
SSDEEP

384:rHViETDpmReVoOs4ki9ylKeGMrU8HhhbHeA7Fo2paWhOwob0B+AIJCgMmV6:r17BVoOs4kmyI1MTBhb++EWhOwob0kJO

Score

10^/10

discovery evasion exploit persistence

Malware Config

Targets

- Target
  
  sample
- Size
  
  19KB
- MD5
  
  8c0b2721020d3eedb6e5d9c21bdcd53d
- SHA1
  
  1bd71ad7eede70b76c7c107122bbb6a561d7df96
- SHA256
  
  8278337660fa2460d7664cedef6f6a7b9eb4a6b14956a074e1b467550fe23ef8
- SHA512
  
  4409ab5cbc6bd01c8a54da3aecca93273cdf322036f5641e74de6236d744762b0563efd90724bd7681b9f50cb9b1e1550fe5b5497dc2b9c8878261d9016b108b
- SSDEEP
  
  384:rHViETDpmReVoOs4ki9ylKeGMrU8HhhbHeA7Fo2paWhOwob0B+AIJCgMmV6:r17BVoOs4kmyI1MTBhb++EWhOwob0kJO
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploitpersistence