13fc8f4d7f94283d15e231d57b52e652d8d3a877b695e7cc688a735761d1459c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

lc.exe
Size

181KB
Sample

240727-nkqa5sxcrn
MD5

d1e87942679b191f42694635d96b2008
SHA1

01dfdfd6b13eeae2d7715f90882ebddcaa14d7f4
SHA256

13fc8f4d7f94283d15e231d57b52e652d8d3a877b695e7cc688a735761d1459c
SHA512

f55d0f4effaefbfa82cd0356d005bd690f5485f4f70bac94ff7a5ae41fbe51185978bb34e5595a9594078c9ecbb8e705d8194146317384ae9711189f98cfc487
SSDEEP

3072:0Z8ZaTpgqCILIFgs+7UHN91xIRzUCpM69/KImQi/6ebW6kTgTWbo:BuR6kUGzUCpM69/KImQi/6ebl

Score

10^/10

defense_evasion persistence

Malware Config

Targets

- Target
  
  lc.exe
- Size
  
  181KB
- MD5
  
  d1e87942679b191f42694635d96b2008
- SHA1
  
  01dfdfd6b13eeae2d7715f90882ebddcaa14d7f4
- SHA256
  
  13fc8f4d7f94283d15e231d57b52e652d8d3a877b695e7cc688a735761d1459c
- SHA512
  
  f55d0f4effaefbfa82cd0356d005bd690f5485f4f70bac94ff7a5ae41fbe51185978bb34e5595a9594078c9ecbb8e705d8194146317384ae9711189f98cfc487
- SSDEEP
  
  3072:0Z8ZaTpgqCILIFgs+7UHN91xIRzUCpM69/KImQi/6ebW6kTgTWbo:BuR6kUGzUCpM69/KImQi/6ebl
Score

10^/10

defense_evasion persistence
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistence

behavioral2

defense_evasionpersistence