f5e9b51b2782d3cb353c995edfbe4bfbe5e328e7cc87de392ba93113f234d94f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_03c444aa5b9e62ecd7582aa1d6d53d2b
Size

104KB
Sample

240610-pnj4zawakj
MD5

03c444aa5b9e62ecd7582aa1d6d53d2b
SHA1

cdfa03e27f9b37ed25f3798070d71e324dfce159
SHA256

f5e9b51b2782d3cb353c995edfbe4bfbe5e328e7cc87de392ba93113f234d94f
SHA512

deb917647dcc09acff751c4d3c392a96a99c841a2b57dd0dfc02794801cb9ec1a8f19447e450f1c1c6178bf390668d7a7dc9f5e93f9db64987d5e6ac5084b148
SSDEEP

3072:nDjabtcLayLXD6riZnW4NaBZdZH+gnza:nyb49NaBZer

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  VirusShare_03c444aa5b9e62ecd7582aa1d6d53d2b
- Size
  
  104KB
- MD5
  
  03c444aa5b9e62ecd7582aa1d6d53d2b
- SHA1
  
  cdfa03e27f9b37ed25f3798070d71e324dfce159
- SHA256
  
  f5e9b51b2782d3cb353c995edfbe4bfbe5e328e7cc87de392ba93113f234d94f
- SHA512
  
  deb917647dcc09acff751c4d3c392a96a99c841a2b57dd0dfc02794801cb9ec1a8f19447e450f1c1c6178bf390668d7a7dc9f5e93f9db64987d5e6ac5084b148
- SSDEEP
  
  3072:nDjabtcLayLXD6riZnW4NaBZdZH+gnza:nyb49NaBZer
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2