397021b3ed12de4279c7eeec1a0081b4ea1d50894927ff547ec200df71d8b559 | Triage

Sharing

General

Target

f9c4ce03ca5609a1dbd45bb68cb51790N.exe
Size

201KB
Sample

240816-146hpazgmc
MD5

f9c4ce03ca5609a1dbd45bb68cb51790
SHA1

8b7aee88964d9883b92801278b0d17f84d486345
SHA256

397021b3ed12de4279c7eeec1a0081b4ea1d50894927ff547ec200df71d8b559
SHA512

604f4ffebf5d8773cd45764df0403a232a183d0c1e86c9b38d878513cec903456da853c2df5804837ee4a19bcfae2321d71ee146959af1da650207e5a57257da
SSDEEP

6144:Dt++Jbojf5Vq5OC4qZhZcKYhc/ZfUozY:4+cff22qZhZcKYhc/

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  f9c4ce03ca5609a1dbd45bb68cb51790N.exe
- Size
  
  201KB
- MD5
  
  f9c4ce03ca5609a1dbd45bb68cb51790
- SHA1
  
  8b7aee88964d9883b92801278b0d17f84d486345
- SHA256
  
  397021b3ed12de4279c7eeec1a0081b4ea1d50894927ff547ec200df71d8b559
- SHA512
  
  604f4ffebf5d8773cd45764df0403a232a183d0c1e86c9b38d878513cec903456da853c2df5804837ee4a19bcfae2321d71ee146959af1da650207e5a57257da
- SSDEEP
  
  6144:Dt++Jbojf5Vq5OC4qZhZcKYhc/ZfUozY:4+cff22qZhZcKYhc/
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence