485455e79fea2c774fbfcb0a74cbb51b7fa242a3f4a1541143acdee88b98b822 | Triage

Sharing

General

Target

485455e79fea2c774fbfcb0a74cbb51b7fa242a3f4a1541143acdee88b98b822
Size

152KB
Sample

240920-ykjhpsvclc
MD5

6eb51e667f293c61e48b88a2a9dafed3
SHA1

307febd5cf51fe0bcf75f48690c1d827dbbcca3c
SHA256

485455e79fea2c774fbfcb0a74cbb51b7fa242a3f4a1541143acdee88b98b822
SHA512

7eb299e5377df85b4cb6ade9671a2abfc287e7dd2f13877a14358202299b9dfac168fade8e3bb0bbe3785d99e2c723e9a99c48870c046ed942c9009052eb49e1
SSDEEP

3072:Kru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:uoSkB2R09l9b5ntD4LKS/6de

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  485455e79fea2c774fbfcb0a74cbb51b7fa242a3f4a1541143acdee88b98b822
- Size
  
  152KB
- MD5
  
  6eb51e667f293c61e48b88a2a9dafed3
- SHA1
  
  307febd5cf51fe0bcf75f48690c1d827dbbcca3c
- SHA256
  
  485455e79fea2c774fbfcb0a74cbb51b7fa242a3f4a1541143acdee88b98b822
- SHA512
  
  7eb299e5377df85b4cb6ade9671a2abfc287e7dd2f13877a14358202299b9dfac168fade8e3bb0bbe3785d99e2c723e9a99c48870c046ed942c9009052eb49e1
- SSDEEP
  
  3072:Kru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:uoSkB2R09l9b5ntD4LKS/6de
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence