8c5b9692901214654c1398107f7f3e4dbeb248b6151309ed3b817fd27263ae7c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c5b9692901214654c1398107f7f3e4dbeb248b6151309ed3b817fd27263ae7c
Size

237KB
Sample

240929-3twa3s1amh
MD5

761a61a48968756a16fe28f44ac2cf9e
SHA1

b489a111da5a02591823aa1530f28a41b6147c30
SHA256

8c5b9692901214654c1398107f7f3e4dbeb248b6151309ed3b817fd27263ae7c
SHA512

85fee1d9474bb742159a8e243b6ada740854c19a24411b695961d772280455e5ab67fbe3a91891805dda289f344d7551f2f1ce6bd6176b8b97d1c21d47d99e08
SSDEEP

6144:sD8okEvTyoZVOgd2QZiw5NLclL5orfQH:usjCF2QZiOU+4

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  8c5b9692901214654c1398107f7f3e4dbeb248b6151309ed3b817fd27263ae7c
- Size
  
  237KB
- MD5
  
  761a61a48968756a16fe28f44ac2cf9e
- SHA1
  
  b489a111da5a02591823aa1530f28a41b6147c30
- SHA256
  
  8c5b9692901214654c1398107f7f3e4dbeb248b6151309ed3b817fd27263ae7c
- SHA512
  
  85fee1d9474bb742159a8e243b6ada740854c19a24411b695961d772280455e5ab67fbe3a91891805dda289f344d7551f2f1ce6bd6176b8b97d1c21d47d99e08
- SSDEEP
  
  6144:sD8okEvTyoZVOgd2QZiw5NLclL5orfQH:usjCF2QZiOU+4
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence