7c28dd5aa5a502860ca3c9011a7e9806908c337844c56c7264c3a0428a27455e | Triage

Sharing

General

Target

VirusShare_c2b77c0e5d25b61ed3487cef84656a70
Size

112KB
Sample

240610-qjf27awhmh
MD5

c2b77c0e5d25b61ed3487cef84656a70
SHA1

890759c1c0c82bf9d51e39eec74d8a2b099f676e
SHA256

7c28dd5aa5a502860ca3c9011a7e9806908c337844c56c7264c3a0428a27455e
SHA512

df9a2e08091827c549c95e5647e236df0b7bf5d17a3f363ed027e5f4b3d5a577d813a6394cc460f4d4f816c166d9be49c7e0f531eff23ab5d598a95fb61986c8
SSDEEP

3072:mD0mWKcsayLrD6riZpW4NaBZdZz+gnza:m5WU3NaBZyr

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  VirusShare_c2b77c0e5d25b61ed3487cef84656a70
- Size
  
  112KB
- MD5
  
  c2b77c0e5d25b61ed3487cef84656a70
- SHA1
  
  890759c1c0c82bf9d51e39eec74d8a2b099f676e
- SHA256
  
  7c28dd5aa5a502860ca3c9011a7e9806908c337844c56c7264c3a0428a27455e
- SHA512
  
  df9a2e08091827c549c95e5647e236df0b7bf5d17a3f363ed027e5f4b3d5a577d813a6394cc460f4d4f816c166d9be49c7e0f531eff23ab5d598a95fb61986c8
- SSDEEP
  
  3072:mD0mWKcsayLrD6riZpW4NaBZdZz+gnza:m5WU3NaBZyr
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2