b322ddd2b006911c862a0247fe96552570bf0eadcc7249185ec6b41cc89e876d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b322ddd2b006911c862a0247fe96552570bf0eadcc7249185ec6b41cc89e876d
Size

6.9MB
Sample

240803-b93ljstekf
MD5

0ee31656feff0add102eeec61b2dfd23
SHA1

00bd90798f9eddace7585b339e5eda029ea70fb1
SHA256

b322ddd2b006911c862a0247fe96552570bf0eadcc7249185ec6b41cc89e876d
SHA512

f4aa0ddf423c56fe13286cb9e8c43ffce7ad76c841caa7224eebce9bf99433ed609499a3515233be67efbbe270166fcec391f497d527f7a3c8a438a189bbb17d
SSDEEP

196608:C4JPXnRFmQzGkkdG+CCeQ/n0Mov8HyZ4J5dyg:CW3JzGdGCeYtSZs5t

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b322ddd2b006911c862a0247fe96552570bf0eadcc7249185ec6b41cc89e876d
- Size
  
  6.9MB
- MD5
  
  0ee31656feff0add102eeec61b2dfd23
- SHA1
  
  00bd90798f9eddace7585b339e5eda029ea70fb1
- SHA256
  
  b322ddd2b006911c862a0247fe96552570bf0eadcc7249185ec6b41cc89e876d
- SHA512
  
  f4aa0ddf423c56fe13286cb9e8c43ffce7ad76c841caa7224eebce9bf99433ed609499a3515233be67efbbe270166fcec391f497d527f7a3c8a438a189bbb17d
- SSDEEP
  
  196608:C4JPXnRFmQzGkkdG+CCeQ/n0Mov8HyZ4J5dyg:CW3JzGdGCeYtSZs5t
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence