Overview

overview

10

Static

static

3

66a34d4bb9...f4.exe

windows7-x64

10

66a34d4bb9...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66a34d4bb9c95651d95dd43e870024d2235a233183bfc45105052cded1a926f4

  • Size

    213KB

  • Sample

    240522-2kzrgabf41

  • MD5

    b8d6d21fa35df5e7f8c2609e6fc07fae

  • SHA1

    3848009b61d41b8d02ea4ac509d9efccac22bbf3

  • SHA256

    66a34d4bb9c95651d95dd43e870024d2235a233183bfc45105052cded1a926f4

  • SHA512

    c9b7110e7516408761ff53e2168f51c2cc8073b2c187ed2d49b1253dfca78a2678f43b01b015815b9e936a77739a53b126a978b36c0e1ef3f7f76bb884fd78f4

  • SSDEEP

    6144:f7++Jbojf5Vq5OC4qZhZcKYhc/ZfUozY:q+cff22qZhZcKYhc/

Score
10/10
persistence

Malware Config

Targets

    • Target

      66a34d4bb9c95651d95dd43e870024d2235a233183bfc45105052cded1a926f4

    • Size

      213KB

    • MD5

      b8d6d21fa35df5e7f8c2609e6fc07fae

    • SHA1

      3848009b61d41b8d02ea4ac509d9efccac22bbf3

    • SHA256

      66a34d4bb9c95651d95dd43e870024d2235a233183bfc45105052cded1a926f4

    • SHA512

      c9b7110e7516408761ff53e2168f51c2cc8073b2c187ed2d49b1253dfca78a2678f43b01b015815b9e936a77739a53b126a978b36c0e1ef3f7f76bb884fd78f4

    • SSDEEP

      6144:f7++Jbojf5Vq5OC4qZhZcKYhc/ZfUozY:q+cff22qZhZcKYhc/

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Defense Evasion

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks