4aa45ab51b90dc65383ea4731d0ef6a024956172d515851e589d43e06575d1fa | Triage

Sharing

General

Target

61107727db4318f052cc0feeb3451a40N.exe
Size

218KB
Sample

240805-hqcdkszalp
MD5

61107727db4318f052cc0feeb3451a40
SHA1

9d35ec57faec9acc010b6b5cd2ef5d6f83a124e8
SHA256

4aa45ab51b90dc65383ea4731d0ef6a024956172d515851e589d43e06575d1fa
SHA512

5330a6c364f86fdcbfb3d253b553e6e81dda7489154c7299a2c811f975f655ca6e9c49e2d39d17aa8e2c9282b299783663bed4fc6e09b46cc7fe9cbbb0059340
SSDEEP

3072:bvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:j1SyAJp6rjn1gOObn4b6h9h

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  61107727db4318f052cc0feeb3451a40N.exe
- Size
  
  218KB
- MD5
  
  61107727db4318f052cc0feeb3451a40
- SHA1
  
  9d35ec57faec9acc010b6b5cd2ef5d6f83a124e8
- SHA256
  
  4aa45ab51b90dc65383ea4731d0ef6a024956172d515851e589d43e06575d1fa
- SHA512
  
  5330a6c364f86fdcbfb3d253b553e6e81dda7489154c7299a2c811f975f655ca6e9c49e2d39d17aa8e2c9282b299783663bed4fc6e09b46cc7fe9cbbb0059340
- SSDEEP
  
  3072:bvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:j1SyAJp6rjn1gOObn4b6h9h
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence