58b851b30c4b998042c554e325fb4ba47d38679e71778da4f0d679c2c45a236a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5005f1a0d7bc1013e219f3b782e1000N.exe
Size

396KB
Sample

240727-l836sstcpk
MD5

b5005f1a0d7bc1013e219f3b782e1000
SHA1

b67bd63505136460d60d425a02c63368fc416e5d
SHA256

58b851b30c4b998042c554e325fb4ba47d38679e71778da4f0d679c2c45a236a
SHA512

f7051259fa019a4b58cbc8531de8cbdf2b5825cd339cba429bc30eb9a61aebb12f7cc2e7d69e5be4c9ce98c1c4f99e380675a3244ec70a9d1a3e689fc6775f26
SSDEEP

6144:pmRC5dAARqqZXeAX7YM0y3vBVuzS8G8LB/WvnSbrd9aXBZXQ7kyfahvTnKeAA:pmRcdrVeArYMlB4b5BM+OXBZgIXLnKs

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b5005f1a0d7bc1013e219f3b782e1000N.exe
- Size
  
  396KB
- MD5
  
  b5005f1a0d7bc1013e219f3b782e1000
- SHA1
  
  b67bd63505136460d60d425a02c63368fc416e5d
- SHA256
  
  58b851b30c4b998042c554e325fb4ba47d38679e71778da4f0d679c2c45a236a
- SHA512
  
  f7051259fa019a4b58cbc8531de8cbdf2b5825cd339cba429bc30eb9a61aebb12f7cc2e7d69e5be4c9ce98c1c4f99e380675a3244ec70a9d1a3e689fc6775f26
- SSDEEP
  
  6144:pmRC5dAARqqZXeAX7YM0y3vBVuzS8G8LB/WvnSbrd9aXBZXQ7kyfahvTnKeAA:pmRcdrVeArYMlB4b5BM+OXBZgIXLnKs
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence