640bc001a8726b9a8682488a6f049df51f8db1d10ad580602d4b1c86a4ae3998 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e511eb2c03b38c264f3a12839e85a340N.exe
Size

218KB
Sample

240715-qwhrjstakm
MD5

e511eb2c03b38c264f3a12839e85a340
SHA1

770acea6b09020b2a625fba350746820df40f7fa
SHA256

640bc001a8726b9a8682488a6f049df51f8db1d10ad580602d4b1c86a4ae3998
SHA512

d5082f7bcd8f688dc1166796a828136a329f706e12ed245f24911e46b4e2113fadc500f3518d17eb3bd5dab6f33226fc3f44a831e117097ea1d47c58b4535895
SSDEEP

6144:0EQBDdO1z7L/EIhZDE9oLfFWlMZT7+DGaMwIC:0EGDdQNHEwWlMxYG/wI

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  e511eb2c03b38c264f3a12839e85a340N.exe
- Size
  
  218KB
- MD5
  
  e511eb2c03b38c264f3a12839e85a340
- SHA1
  
  770acea6b09020b2a625fba350746820df40f7fa
- SHA256
  
  640bc001a8726b9a8682488a6f049df51f8db1d10ad580602d4b1c86a4ae3998
- SHA512
  
  d5082f7bcd8f688dc1166796a828136a329f706e12ed245f24911e46b4e2113fadc500f3518d17eb3bd5dab6f33226fc3f44a831e117097ea1d47c58b4535895
- SSDEEP
  
  6144:0EQBDdO1z7L/EIhZDE9oLfFWlMZT7+DGaMwIC:0EGDdQNHEwWlMxYG/wI
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2