041f700c8db4e27e9ad63f336daffebb194d3a1f3d1664bcf6576dbcf782e2f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_36c2db485eb923e888f5b44606472730
Size

125KB
Sample

240610-n9wjfsag69
MD5

36c2db485eb923e888f5b44606472730
SHA1

4775ca56c27fcfb0303dac9792499ac5a9a2590e
SHA256

041f700c8db4e27e9ad63f336daffebb194d3a1f3d1664bcf6576dbcf782e2f5
SHA512

f001820e295c1210b7467a945cf2cc2dee6b8167c2b7309337b17b96da7efec6ed035854511668c60dec982b789e883e446bde20609f4d16da13b7ae517dbdca
SSDEEP

3072:/T7kGa4SpL18NvAZDTp8FF1j64947x3C8d:rJa4Sp8DId

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  VirusShare_36c2db485eb923e888f5b44606472730
- Size
  
  125KB
- MD5
  
  36c2db485eb923e888f5b44606472730
- SHA1
  
  4775ca56c27fcfb0303dac9792499ac5a9a2590e
- SHA256
  
  041f700c8db4e27e9ad63f336daffebb194d3a1f3d1664bcf6576dbcf782e2f5
- SHA512
  
  f001820e295c1210b7467a945cf2cc2dee6b8167c2b7309337b17b96da7efec6ed035854511668c60dec982b789e883e446bde20609f4d16da13b7ae517dbdca
- SSDEEP
  
  3072:/T7kGa4SpL18NvAZDTp8FF1j64947x3C8d:rJa4Sp8DId
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2