9df173f3085f28d15d40135e04e59b03ecaecfa819ef38b9bcae9caf49c52203 | Triage

Sharing

General

Target

9df173f3085f28d15d40135e04e59b03ecaecfa819ef38b9bcae9caf49c52203
Size

152KB
Sample

240523-bfjlksfg6t
MD5

7445a8472184b4322c4b26c97ffa8862
SHA1

67cb36e036652011b6f082025975bc3841a7f371
SHA256

9df173f3085f28d15d40135e04e59b03ecaecfa819ef38b9bcae9caf49c52203
SHA512

196efc0b4e1e042a677e74592143ca85b16d8fde891201887214fc732376d9e18bc0dae5afd646c738f9c3254c994fae0b146d581e66edce18e472ed82c04de2
SSDEEP

3072:Dru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:foSkB2R09l9b5ntD4LKS/6de

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  9df173f3085f28d15d40135e04e59b03ecaecfa819ef38b9bcae9caf49c52203
- Size
  
  152KB
- MD5
  
  7445a8472184b4322c4b26c97ffa8862
- SHA1
  
  67cb36e036652011b6f082025975bc3841a7f371
- SHA256
  
  9df173f3085f28d15d40135e04e59b03ecaecfa819ef38b9bcae9caf49c52203
- SHA512
  
  196efc0b4e1e042a677e74592143ca85b16d8fde891201887214fc732376d9e18bc0dae5afd646c738f9c3254c994fae0b146d581e66edce18e472ed82c04de2
- SSDEEP
  
  3072:Dru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:foSkB2R09l9b5ntD4LKS/6de
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2