5f24eea8790c5f7eef2a4827657bd397d4081f554596a22b52748d679ed7c14f | Triage

Sharing

General

Target

LSlogon.zip
Size

25.3MB
Sample

240711-vjge6swanr
MD5

027456e2ed61ca59df6351d123c0589e
SHA1

565cb02088c2515ba7922f3f6ec5d2aa414f8022
SHA256

5f24eea8790c5f7eef2a4827657bd397d4081f554596a22b52748d679ed7c14f
SHA512

052505162b98c4039e84e1e8511787cc1623978d97fac611fa198e7e6f4af5b0375c08487534eacd5cecf3c4d2adab2fabf0bcd7bf725b0cc864431978638235
SSDEEP

786432:yD8QQbWu4p2VP+TP1dnSV+e/SJaVPe/p3VL6tJr9:yLKWu4UVGbS/r2fL6tJr9

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  LSlogon.py
- Size
  
  1KB
- MD5
  
  68f0a454821aebd66b4eb3babcdf91d1
- SHA1
  
  8f51343e4d49d04284d6493ea30f9b71c9b84f40
- SHA256
  
  4c81464cf5f43c89579631c0585b0e8add282922cc1dcb7e58a8eb0062406f3f
- SHA512
  
  90412161575a0a8ef7534639812539236ae3979bdf02f0d8ca728b0f54c9582f87a2088581c78d9deb914f7518249ad98397dca5db09ec395e9f4824cf061d58
Score

3^/10
behavioral1 behavioral2
- Target
  
  python-3.12.4-amd64 (1).exe
- Size
  
  25.5MB
- MD5
  
  f3df1be26cc7cbd8252ab5632b62d740
- SHA1
  
  3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
- SHA256
  
  da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
- SHA512
  
  2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
- SSDEEP
  
  786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk
Score

6^/10

discovery persistence privilege_escalation
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

discoverypersistenceprivilege_escalation