bfe81af10557197c1fa5b12dcc578ba563f8b92669d206ed96165a1a98c697ec | Triage

Sharing

General

Target

bfe81af10557197c1fa5b12dcc578ba563f8b92669d206ed96165a1a98c697ec
Size

237KB
Sample

240920-lc75wayhqc
MD5

00c40fc52dc7d0ad87e2a6e0256ab2e4
SHA1

ae769a1266859cbf5ef01fd5a114b4bf4da92aa2
SHA256

bfe81af10557197c1fa5b12dcc578ba563f8b92669d206ed96165a1a98c697ec
SHA512

62437b3df619ff27504091f717f146ea38109e5916489ee82be19c6b8ee38d6d395c530a097f712124a9d479a4f93c5e114db4794cb29b2a5b7318653e2ae9ae
SSDEEP

6144:eD8okEvTyoZVOgd2QZiw5NLclL5orfQH:ksjCF2QZiOU+4

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  bfe81af10557197c1fa5b12dcc578ba563f8b92669d206ed96165a1a98c697ec
- Size
  
  237KB
- MD5
  
  00c40fc52dc7d0ad87e2a6e0256ab2e4
- SHA1
  
  ae769a1266859cbf5ef01fd5a114b4bf4da92aa2
- SHA256
  
  bfe81af10557197c1fa5b12dcc578ba563f8b92669d206ed96165a1a98c697ec
- SHA512
  
  62437b3df619ff27504091f717f146ea38109e5916489ee82be19c6b8ee38d6d395c530a097f712124a9d479a4f93c5e114db4794cb29b2a5b7318653e2ae9ae
- SSDEEP
  
  6144:eD8okEvTyoZVOgd2QZiw5NLclL5orfQH:ksjCF2QZiOU+4
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence