9cca50548b30249eb298a49cfc0984fdfeae67233251e26e78cf1a7e6b7e6f98 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fa486d264c77822d85d363bbdcb5b80N.exe
Size

218KB
Sample

240806-hbns3awcme
MD5

6fa486d264c77822d85d363bbdcb5b80
SHA1

613ebd0dea6b2e346fdf129a9a61e677684ae823
SHA256

9cca50548b30249eb298a49cfc0984fdfeae67233251e26e78cf1a7e6b7e6f98
SHA512

031fed33ab6ea69b1f2384d51652430621f046527aa7199d25c0e0fd04d7fdbdd8eae02f075dc500fd4b585c1ca64ddbd2198faae67adb8438194660ef323543
SSDEEP

3072:5vm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:N1SyAJp6rjn1gOObn4b6h9h

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  6fa486d264c77822d85d363bbdcb5b80N.exe
- Size
  
  218KB
- MD5
  
  6fa486d264c77822d85d363bbdcb5b80
- SHA1
  
  613ebd0dea6b2e346fdf129a9a61e677684ae823
- SHA256
  
  9cca50548b30249eb298a49cfc0984fdfeae67233251e26e78cf1a7e6b7e6f98
- SHA512
  
  031fed33ab6ea69b1f2384d51652430621f046527aa7199d25c0e0fd04d7fdbdd8eae02f075dc500fd4b585c1ca64ddbd2198faae67adb8438194660ef323543
- SSDEEP
  
  3072:5vm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:N1SyAJp6rjn1gOObn4b6h9h
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence