f2e863b0cc41034e72626dc77278cfc744ff7639618906d1b0ae5bcbe1050236 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f2e863b0cc41034e72626dc77278cfc744ff7639618906d1b0ae5bcbe1050236
Size

355KB
Sample

240802-hpb2essapn
MD5

cf51d4cfc5ccf71f82071e19845e4858
SHA1

0d6edbf98b8ec3ea5b4a7c6a376decf64895b322
SHA256

f2e863b0cc41034e72626dc77278cfc744ff7639618906d1b0ae5bcbe1050236
SHA512

ba18237a667b0e43b33f8f14de6b80a34acdce8615f811ad8931bc1cef136d737ef08a792825f399c417bb2bb339b05c62135cd5b382c2cacd36634b9d956fea
SSDEEP

6144:73EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:YmWhND9yJz+b1FcMLmp2ATTSsdS

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  f2e863b0cc41034e72626dc77278cfc744ff7639618906d1b0ae5bcbe1050236
- Size
  
  355KB
- MD5
  
  cf51d4cfc5ccf71f82071e19845e4858
- SHA1
  
  0d6edbf98b8ec3ea5b4a7c6a376decf64895b322
- SHA256
  
  f2e863b0cc41034e72626dc77278cfc744ff7639618906d1b0ae5bcbe1050236
- SHA512
  
  ba18237a667b0e43b33f8f14de6b80a34acdce8615f811ad8931bc1cef136d737ef08a792825f399c417bb2bb339b05c62135cd5b382c2cacd36634b9d956fea
- SSDEEP
  
  6144:73EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:YmWhND9yJz+b1FcMLmp2ATTSsdS
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence