70b642a52ec3a1c78ae166f94bbb4fe6b35b7d30376b1736f62be14a93a7506d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_3f424f1b88c8bb697f86f92ccd509a70
Size

96KB
Sample

240610-n9zwwaac3s
MD5

3f424f1b88c8bb697f86f92ccd509a70
SHA1

565f98a472073231017b067e96fc7efae201919a
SHA256

70b642a52ec3a1c78ae166f94bbb4fe6b35b7d30376b1736f62be14a93a7506d
SHA512

b2be562ad2927ee419de6747cde72ef76611225ea3cee6bbc9a477d5d043e2ed5fffc7268bc6b0360a2614e1f7b3a572cae69ac1a82f9c6b00bab2e74bdb3d93
SSDEEP

1536:EMpSLlIpXIEGvkrD8Al9cqUl4veQaOgjXPs/QCAarYlvlHHOIi0iICsXrPT:oRkXOQ8Qcqs4veQaX7JUJI7OsXrP

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  VirusShare_3f424f1b88c8bb697f86f92ccd509a70
- Size
  
  96KB
- MD5
  
  3f424f1b88c8bb697f86f92ccd509a70
- SHA1
  
  565f98a472073231017b067e96fc7efae201919a
- SHA256
  
  70b642a52ec3a1c78ae166f94bbb4fe6b35b7d30376b1736f62be14a93a7506d
- SHA512
  
  b2be562ad2927ee419de6747cde72ef76611225ea3cee6bbc9a477d5d043e2ed5fffc7268bc6b0360a2614e1f7b3a572cae69ac1a82f9c6b00bab2e74bdb3d93
- SSDEEP
  
  1536:EMpSLlIpXIEGvkrD8Al9cqUl4veQaOgjXPs/QCAarYlvlHHOIi0iICsXrPT:oRkXOQ8Qcqs4veQaX7JUJI7OsXrP
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2