3468c695a5dd50a99393832613a7432f7d3171eab99d0154e7d2eb5dbc07b8e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3468c695a5dd50a99393832613a7432f7d3171eab99d0154e7d2eb5dbc07b8e8N
Size

157KB
Sample

240927-v8c42sshjl
MD5

a579bbe96e4a3e15653ab02e60927e70
SHA1

4be1539006aca580caa09a546f13eb0e10a8ecc0
SHA256

3468c695a5dd50a99393832613a7432f7d3171eab99d0154e7d2eb5dbc07b8e8
SHA512

6336e650cba92b11251a4ee393ba825695cfe7a1009dfaef93eb79046f19a5c5c6c483abb005a2264eb4a627482d3aea1559ebf464a89746b3c602a9f666f257
SSDEEP

3072:teVsjyYsAq/C3RCzgJHvNA1PpYfFL6zU+BEfi:4OjjqahUSPe1SZ+h

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  3468c695a5dd50a99393832613a7432f7d3171eab99d0154e7d2eb5dbc07b8e8N
- Size
  
  157KB
- MD5
  
  a579bbe96e4a3e15653ab02e60927e70
- SHA1
  
  4be1539006aca580caa09a546f13eb0e10a8ecc0
- SHA256
  
  3468c695a5dd50a99393832613a7432f7d3171eab99d0154e7d2eb5dbc07b8e8
- SHA512
  
  6336e650cba92b11251a4ee393ba825695cfe7a1009dfaef93eb79046f19a5c5c6c483abb005a2264eb4a627482d3aea1559ebf464a89746b3c602a9f666f257
- SSDEEP
  
  3072:teVsjyYsAq/C3RCzgJHvNA1PpYfFL6zU+BEfi:4OjjqahUSPe1SZ+h
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence