b595e9f4106b2f7ef8c9af5e5110659e236d3d81266283f62dc25c3eb7bc6782 | Triage

Sharing

General

Target

b595e9f4106b2f7ef8c9af5e5110659e236d3d81266283f62dc25c3eb7bc6782
Size

349KB
Sample

240920-xxlyxstajd
MD5

c4cb5c39de0044aa65fb2b3ea8263431
SHA1

0588d5b102526548095bf27645fc263161bce6e0
SHA256

b595e9f4106b2f7ef8c9af5e5110659e236d3d81266283f62dc25c3eb7bc6782
SHA512

c84f27e86b82b2a19951ae58add524665131e5b93bff1402a7c477bbf314a2c2b3b63256d5b41cb54d15e318ce3f9b82a86f3a2b9543b7b9a8ed1a9db0cf0785
SSDEEP

6144:EVTQbSiexKAK4y6UvcZSeNH49qQQOH+ym4LLIoTqHSMaxzL:bSiOK4yjNQOGzoTCSMG

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b595e9f4106b2f7ef8c9af5e5110659e236d3d81266283f62dc25c3eb7bc6782
- Size
  
  349KB
- MD5
  
  c4cb5c39de0044aa65fb2b3ea8263431
- SHA1
  
  0588d5b102526548095bf27645fc263161bce6e0
- SHA256
  
  b595e9f4106b2f7ef8c9af5e5110659e236d3d81266283f62dc25c3eb7bc6782
- SHA512
  
  c84f27e86b82b2a19951ae58add524665131e5b93bff1402a7c477bbf314a2c2b3b63256d5b41cb54d15e318ce3f9b82a86f3a2b9543b7b9a8ed1a9db0cf0785
- SSDEEP
  
  6144:EVTQbSiexKAK4y6UvcZSeNH49qQQOH+ym4LLIoTqHSMaxzL:bSiOK4yjNQOGzoTCSMG
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence