ffb2ab56e08b81e6ef51e3b64eb1562f2a332a0ea15be4b6782ad7bed7581648 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffb2ab56e08b81e6ef51e3b64eb1562f2a332a0ea15be4b6782ad7bed7581648
Size

152KB
Sample

240810-fpxxsa1cpb
MD5

2c47833b14f7c5e1205dd527bd2c4782
SHA1

b4f639767c80b31b54669cc68313f3cb7cc18612
SHA256

ffb2ab56e08b81e6ef51e3b64eb1562f2a332a0ea15be4b6782ad7bed7581648
SHA512

bf450cb8aea3485bf2109fca9f713195b8876fad2e73629fdb550466a2c0301634a85910bd00f89d461f7bcaa3cddc9b58fcce2086be8a1c717383f0442f8558
SSDEEP

3072:Gru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:SoSkB2R09l9b5ntD4LKS/6de

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  ffb2ab56e08b81e6ef51e3b64eb1562f2a332a0ea15be4b6782ad7bed7581648
- Size
  
  152KB
- MD5
  
  2c47833b14f7c5e1205dd527bd2c4782
- SHA1
  
  b4f639767c80b31b54669cc68313f3cb7cc18612
- SHA256
  
  ffb2ab56e08b81e6ef51e3b64eb1562f2a332a0ea15be4b6782ad7bed7581648
- SHA512
  
  bf450cb8aea3485bf2109fca9f713195b8876fad2e73629fdb550466a2c0301634a85910bd00f89d461f7bcaa3cddc9b58fcce2086be8a1c717383f0442f8558
- SSDEEP
  
  3072:Gru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:SoSkB2R09l9b5ntD4LKS/6de
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence