fe54dcf5c42f531faa664199ef6bd107a731d84e89394dedf05ccd927128f7df | Triage

Sharing

General

Target

fe54dcf5c42f531faa664199ef6bd107a731d84e89394dedf05ccd927128f7df
Size

156KB
Sample

240920-cdkljashrg
MD5

6f322f479f59054e175da2aa55a8cb4b
SHA1

5f8cbfcf30296a8a37686710ebab2a9cd709846f
SHA256

fe54dcf5c42f531faa664199ef6bd107a731d84e89394dedf05ccd927128f7df
SHA512

8542de14a0180f32260d6df7ffbab3ee0b68e78a4664f422e3ae2ff16d4b2aefa0bec7f10e07a10da521ca76e2a774237121404d17cf24b0ba7265d6441495b7
SSDEEP

3072:ikvM+OOUYjo0i2JdvIArAVMBWfvgfJYraeL/qHQl:RM+Fo2JxeMw3g42HQl

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  fe54dcf5c42f531faa664199ef6bd107a731d84e89394dedf05ccd927128f7df
- Size
  
  156KB
- MD5
  
  6f322f479f59054e175da2aa55a8cb4b
- SHA1
  
  5f8cbfcf30296a8a37686710ebab2a9cd709846f
- SHA256
  
  fe54dcf5c42f531faa664199ef6bd107a731d84e89394dedf05ccd927128f7df
- SHA512
  
  8542de14a0180f32260d6df7ffbab3ee0b68e78a4664f422e3ae2ff16d4b2aefa0bec7f10e07a10da521ca76e2a774237121404d17cf24b0ba7265d6441495b7
- SSDEEP
  
  3072:ikvM+OOUYjo0i2JdvIArAVMBWfvgfJYraeL/qHQl:RM+Fo2JxeMw3g42HQl
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence