153688d2b58c2cff2bc21208df78d5ab82e35f0e2e473e3e2e704d619983f4a0 | Triage

Sharing

General

Target

94a16770d9df330539b4e12a53eb3d40N.exe
Size

156KB
Sample

240902-qbty3s1aqn
MD5

94a16770d9df330539b4e12a53eb3d40
SHA1

4ffa086817fbcd912f205038a4e1c98da19eb670
SHA256

153688d2b58c2cff2bc21208df78d5ab82e35f0e2e473e3e2e704d619983f4a0
SHA512

ec472cffde1cd2e00ec4b04e643839102a3733ff2c4ec666046aa2488a67e7a69269515b066aa46f28df62fba02acd6afc7a73952fb618e79d5a7045de748e75
SSDEEP

3072:vkvY+OOUYjo0i2JdvIArAVMBWfvgfJYraeL/qHQl:WY+Fo2JxeMw3g42HQl

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  94a16770d9df330539b4e12a53eb3d40N.exe
- Size
  
  156KB
- MD5
  
  94a16770d9df330539b4e12a53eb3d40
- SHA1
  
  4ffa086817fbcd912f205038a4e1c98da19eb670
- SHA256
  
  153688d2b58c2cff2bc21208df78d5ab82e35f0e2e473e3e2e704d619983f4a0
- SHA512
  
  ec472cffde1cd2e00ec4b04e643839102a3733ff2c4ec666046aa2488a67e7a69269515b066aa46f28df62fba02acd6afc7a73952fb618e79d5a7045de748e75
- SSDEEP
  
  3072:vkvY+OOUYjo0i2JdvIArAVMBWfvgfJYraeL/qHQl:WY+Fo2JxeMw3g42HQl
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence