21a7689ec85bce4cd3f6fd009fd7a09b5ef95aa5b0c7b088b3d790fde602acc5 | Triage

Sharing

General

Target

21a7689ec85bce4cd3f6fd009fd7a09b5ef95aa5b0c7b088b3d790fde602acc5
Size

380KB
Sample

240604-x933zahg92
MD5

ad8d9faca8ef77f3b8a3cca301cb06ff
SHA1

d63d8f1a547061b950b173868cc300efa4018f7d
SHA256

21a7689ec85bce4cd3f6fd009fd7a09b5ef95aa5b0c7b088b3d790fde602acc5
SHA512

87325f7406df280c0591d29ee4c735350ea1870e4764f8ceffe1cd8fda8e3cbfca49a04a76d51981b2a5467cb0d81e84e78980a4e6dbbcec0f68718b7acb69ac
SSDEEP

6144:GaEmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiwmryP:6mWhND9yJz+b1FcMLmp2ATTSsdwmryP

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  21a7689ec85bce4cd3f6fd009fd7a09b5ef95aa5b0c7b088b3d790fde602acc5
- Size
  
  380KB
- MD5
  
  ad8d9faca8ef77f3b8a3cca301cb06ff
- SHA1
  
  d63d8f1a547061b950b173868cc300efa4018f7d
- SHA256
  
  21a7689ec85bce4cd3f6fd009fd7a09b5ef95aa5b0c7b088b3d790fde602acc5
- SHA512
  
  87325f7406df280c0591d29ee4c735350ea1870e4764f8ceffe1cd8fda8e3cbfca49a04a76d51981b2a5467cb0d81e84e78980a4e6dbbcec0f68718b7acb69ac
- SSDEEP
  
  6144:GaEmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiwmryP:6mWhND9yJz+b1FcMLmp2ATTSsdwmryP
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2