74f585ada49b89c894a0a2208ab7a97d6b331fe04ce2fbfd2d69bd81f27f26f4 | Triage

Sharing

General

Target

74f585ada49b89c894a0a2208ab7a97d6b331fe04ce2fbfd2d69bd81f27f26f4
Size

204KB
Sample

240817-a15h4sxbkf
MD5

fec01093a986eca421cf16fe305b8fdc
SHA1

aeebb8899aa298bf8a949369f0fe122223a83149
SHA256

74f585ada49b89c894a0a2208ab7a97d6b331fe04ce2fbfd2d69bd81f27f26f4
SHA512

066fb3ed08b16aa01f0a21ad2661c1ce7cda7c3eb817037a4fbf9be068224d37157406ee9336d2c83ca3e01830d8d6553b893cf7353c32836fc53dda578b7b9b
SSDEEP

3072:Q5u7yT4TVbkuRaX1w71jnRkCoyJTarYWbV+HOFxg+z1WxJsqWkoyjOowUVl/TlAQ:QLexkuRaX41xoyJV65gzyZko+uc

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  74f585ada49b89c894a0a2208ab7a97d6b331fe04ce2fbfd2d69bd81f27f26f4
- Size
  
  204KB
- MD5
  
  fec01093a986eca421cf16fe305b8fdc
- SHA1
  
  aeebb8899aa298bf8a949369f0fe122223a83149
- SHA256
  
  74f585ada49b89c894a0a2208ab7a97d6b331fe04ce2fbfd2d69bd81f27f26f4
- SHA512
  
  066fb3ed08b16aa01f0a21ad2661c1ce7cda7c3eb817037a4fbf9be068224d37157406ee9336d2c83ca3e01830d8d6553b893cf7353c32836fc53dda578b7b9b
- SSDEEP
  
  3072:Q5u7yT4TVbkuRaX1w71jnRkCoyJTarYWbV+HOFxg+z1WxJsqWkoyjOowUVl/TlAQ:QLexkuRaX41xoyJV65gzyZko+uc
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence