6a36e42b5f37966859fa9750eedb4ffc571653a5acbd610854145205a41ee2e9 | Triage

Sharing

General

Target

31e903544870c656040e9aec02cc6430N.exe
Size

58KB
Sample

240905-tpf6xsvfmb
MD5

31e903544870c656040e9aec02cc6430
SHA1

ef7664ed85b40fe3538e3693af2481db91cc6d29
SHA256

6a36e42b5f37966859fa9750eedb4ffc571653a5acbd610854145205a41ee2e9
SHA512

e8ae31d6ba93b18ab43f3d3a82b10b1a7e3fa3240622a4f9f12275b885fd3726613644808d7ea95b0171afd7b7f3bb50ebe2a340464d82fa4ff4d4fb8c18bfdc
SSDEEP

768:/+tAoVybMY3m0q0TGneGaJZtyldCQ7o8yyo4YNgX0zW9vQkEBw6MnYFDXJ5wh3O7:/+tzybMVr2GeVLcbo8i4j0yhPnm2Xnz

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  31e903544870c656040e9aec02cc6430N.exe
- Size
  
  58KB
- MD5
  
  31e903544870c656040e9aec02cc6430
- SHA1
  
  ef7664ed85b40fe3538e3693af2481db91cc6d29
- SHA256
  
  6a36e42b5f37966859fa9750eedb4ffc571653a5acbd610854145205a41ee2e9
- SHA512
  
  e8ae31d6ba93b18ab43f3d3a82b10b1a7e3fa3240622a4f9f12275b885fd3726613644808d7ea95b0171afd7b7f3bb50ebe2a340464d82fa4ff4d4fb8c18bfdc
- SSDEEP
  
  768:/+tAoVybMY3m0q0TGneGaJZtyldCQ7o8yyo4YNgX0zW9vQkEBw6MnYFDXJ5wh3O7:/+tzybMVr2GeVLcbo8i4j0yhPnm2Xnz
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2