Overview

overview

10

Static

static

3

860dd39c06...8e.exe

windows7-x64

10

860dd39c06...8e.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    860dd39c0614c7c5d2f8fb0a047766d6fa4674d7e06811c08076a7b4228d5b8e

  • Size

    353KB

  • Sample

    240902-a3gvtsxejg

  • MD5

    cdef12b2201eb32296d0ca456bc9f5b7

  • SHA1

    bfd22c932b0aa437395435424890e2d4f60b6341

  • SHA256

    860dd39c0614c7c5d2f8fb0a047766d6fa4674d7e06811c08076a7b4228d5b8e

  • SHA512

    c788fbd05961034d3d101e6b2344fde8819c3b8be3f33c66519a7446671d2c875295fb3148c7fb2206b621f6050618eeb531107c134a8f6ba076b087bbdc7150

  • SSDEEP

    6144:9B0SIpMVcBJqv9V1lySVS+m/KLXEQUxzivsPB5cK/KfdEd1BKqtOuiqJxk+4:T0EVRldA+n8xzivsJ5cK/KfdY1MqAuis

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      860dd39c0614c7c5d2f8fb0a047766d6fa4674d7e06811c08076a7b4228d5b8e

    • Size

      353KB

    • MD5

      cdef12b2201eb32296d0ca456bc9f5b7

    • SHA1

      bfd22c932b0aa437395435424890e2d4f60b6341

    • SHA256

      860dd39c0614c7c5d2f8fb0a047766d6fa4674d7e06811c08076a7b4228d5b8e

    • SHA512

      c788fbd05961034d3d101e6b2344fde8819c3b8be3f33c66519a7446671d2c875295fb3148c7fb2206b621f6050618eeb531107c134a8f6ba076b087bbdc7150

    • SSDEEP

      6144:9B0SIpMVcBJqv9V1lySVS+m/KLXEQUxzivsPB5cK/KfdEd1BKqtOuiqJxk+4:T0EVRldA+n8xzivsJ5cK/KfdY1MqAuis

    Score
    10/10
    discoverypersistence

    • Modifies WinLogon for persistence

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks