4b81b695dcdf1a22828384c2fe03030280a911b27fffd186a525d26d6029465b | Triage

Sharing

General

Target

VirusShare_8bd998a1df3098b8d79b1a414e4d3d50
Size

96KB
Sample

240610-p1c67awamh
MD5

8bd998a1df3098b8d79b1a414e4d3d50
SHA1

877eafcfc81a4c379b2ea9483644f5e35b2ef6bb
SHA256

4b81b695dcdf1a22828384c2fe03030280a911b27fffd186a525d26d6029465b
SHA512

946cfac08ae80aefaafabf4fb7e0a9437332eeb4d202de2cf76f70ba2f984eef9ce495dee226723cbeff7fc57227b0a31e90865c9c4361fba6342fda371a5599
SSDEEP

1536:qObvEItR3Faop+c6MvQigo7x/zC4HX+qhxB6UTeT1QzKwa+7KzBaS:xbvE+14c6eD7E8+qx6USJQuda

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  VirusShare_8bd998a1df3098b8d79b1a414e4d3d50
- Size
  
  96KB
- MD5
  
  8bd998a1df3098b8d79b1a414e4d3d50
- SHA1
  
  877eafcfc81a4c379b2ea9483644f5e35b2ef6bb
- SHA256
  
  4b81b695dcdf1a22828384c2fe03030280a911b27fffd186a525d26d6029465b
- SHA512
  
  946cfac08ae80aefaafabf4fb7e0a9437332eeb4d202de2cf76f70ba2f984eef9ce495dee226723cbeff7fc57227b0a31e90865c9c4361fba6342fda371a5599
- SSDEEP
  
  1536:qObvEItR3Faop+c6MvQigo7x/zC4HX+qhxB6UTeT1QzKwa+7KzBaS:xbvE+14c6eD7E8+qx6USJQuda
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2