ccf74829e0681045497a49edba7a42b5c6b18147a5b3cad6a797cae363822581 | Triage

Sharing

General

Target

5a875beafded7bc4e2bc201dc7d20bc0N.exe
Size

244KB
Sample

240817-nnnlqawdrk
MD5

5a875beafded7bc4e2bc201dc7d20bc0
SHA1

5941d10d291c7c80b0d54d255a0e24d38aa2a7cd
SHA256

ccf74829e0681045497a49edba7a42b5c6b18147a5b3cad6a797cae363822581
SHA512

14a8e8a425eb254264bd65b19e4e74d7cb4571bebf70345e0cece519644ea636a7462362314cb46d00b089944c66eb9aa993cf5a9554064e1179b03c88750ebc
SSDEEP

6144:sEXlSylvFuWaS54hIAv/QhuA7HY8pPZ0FP6BzxM5EmX:5Aylvv5YRwh9HYd61xhmX

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  5a875beafded7bc4e2bc201dc7d20bc0N.exe
- Size
  
  244KB
- MD5
  
  5a875beafded7bc4e2bc201dc7d20bc0
- SHA1
  
  5941d10d291c7c80b0d54d255a0e24d38aa2a7cd
- SHA256
  
  ccf74829e0681045497a49edba7a42b5c6b18147a5b3cad6a797cae363822581
- SHA512
  
  14a8e8a425eb254264bd65b19e4e74d7cb4571bebf70345e0cece519644ea636a7462362314cb46d00b089944c66eb9aa993cf5a9554064e1179b03c88750ebc
- SSDEEP
  
  6144:sEXlSylvFuWaS54hIAv/QhuA7HY8pPZ0FP6BzxM5EmX:5Aylvv5YRwh9HYd61xhmX
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence