4e0d6fc57a6d5884a4de2a9942f37a4c7cb1a8454678dbe74d919be8cfe65153 | Triage

Sharing

General

Target

4e0d6fc57a6d5884a4de2a9942f37a4c7cb1a8454678dbe74d919be8cfe65153
Size

212KB
Sample

240522-1cnhsshd9z
MD5

0aa5806bf88cabf74c31f03f3a443be9
SHA1

a22ac0bd29f4dd7e79dd5382c02075975340459b
SHA256

4e0d6fc57a6d5884a4de2a9942f37a4c7cb1a8454678dbe74d919be8cfe65153
SHA512

4dd711ef8281e7eb1279c881fd7c2a8c014743a93eeb96d7bca3fab3a33e9b740996d785cc06aa0f701a1844c3f91711a17f0be8404900bdb98872816fb05050
SSDEEP

3072:hGwPsm1VrwxOsf0juzv8j4P1Hr6krr4IEhx9QZe2gO9mG9UHA30Vt3E/vDjb:hG/iVkO20SFgBhxtW9mG9+Umt3Ezjb

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  4e0d6fc57a6d5884a4de2a9942f37a4c7cb1a8454678dbe74d919be8cfe65153
- Size
  
  212KB
- MD5
  
  0aa5806bf88cabf74c31f03f3a443be9
- SHA1
  
  a22ac0bd29f4dd7e79dd5382c02075975340459b
- SHA256
  
  4e0d6fc57a6d5884a4de2a9942f37a4c7cb1a8454678dbe74d919be8cfe65153
- SHA512
  
  4dd711ef8281e7eb1279c881fd7c2a8c014743a93eeb96d7bca3fab3a33e9b740996d785cc06aa0f701a1844c3f91711a17f0be8404900bdb98872816fb05050
- SSDEEP
  
  3072:hGwPsm1VrwxOsf0juzv8j4P1Hr6krr4IEhx9QZe2gO9mG9UHA30Vt3E/vDjb:hG/iVkO20SFgBhxtW9mG9+Umt3Ezjb
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2