196f8e254fc6dd0832756fcc4b7210d22e76b4a018262be395a6d5af6a56f4b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa0c16590176a9de2d7df083a8e1a1c0N.exe
Size

203KB
Sample

240727-jldaraxglg
MD5

aa0c16590176a9de2d7df083a8e1a1c0
SHA1

52e39393bfd57c1841897dda555881abf7650ccb
SHA256

196f8e254fc6dd0832756fcc4b7210d22e76b4a018262be395a6d5af6a56f4b9
SHA512

f23ad47dc4bf8662dcda0d128487158062f3ee00d121541d7377353b44f17ce2feaeda1e4aa90046e358e113838a18e41ed6417e69b0b5dc524ddc366325f5e6
SSDEEP

6144:DEL1lvsWYuOiMnGNuuF8XcfI2MPO7qhnhF9mD:SnksHxyXcfIRhFE

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  aa0c16590176a9de2d7df083a8e1a1c0N.exe
- Size
  
  203KB
- MD5
  
  aa0c16590176a9de2d7df083a8e1a1c0
- SHA1
  
  52e39393bfd57c1841897dda555881abf7650ccb
- SHA256
  
  196f8e254fc6dd0832756fcc4b7210d22e76b4a018262be395a6d5af6a56f4b9
- SHA512
  
  f23ad47dc4bf8662dcda0d128487158062f3ee00d121541d7377353b44f17ce2feaeda1e4aa90046e358e113838a18e41ed6417e69b0b5dc524ddc366325f5e6
- SSDEEP
  
  6144:DEL1lvsWYuOiMnGNuuF8XcfI2MPO7qhnhF9mD:SnksHxyXcfIRhFE
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence