0f39e5cc86b7fa38caf56b52babac468617046f6e40718626bba66fd114432fc | Triage

Sharing

General

Target

0f39e5cc86b7fa38caf56b52babac468617046f6e40718626bba66fd114432fcN
Size

204KB
Sample

241003-3e8mvswdlf
MD5

7ebac559acd47d88a0af3d1e71126830
SHA1

508ad9d4dd196059156583071211aff82b6b56c5
SHA256

0f39e5cc86b7fa38caf56b52babac468617046f6e40718626bba66fd114432fc
SHA512

2ef19c2154aab17f0e16ae473d19d1014e8cf414d304cbc88357fe0e2e89c68bd00920fe024226808284308c0241be84bcb505a2a0d612b09ba6fbc5c6273f39
SSDEEP

3072:AO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:AgFtboVBJtNWyPnYG4fUbk

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0f39e5cc86b7fa38caf56b52babac468617046f6e40718626bba66fd114432fcN
- Size
  
  204KB
- MD5
  
  7ebac559acd47d88a0af3d1e71126830
- SHA1
  
  508ad9d4dd196059156583071211aff82b6b56c5
- SHA256
  
  0f39e5cc86b7fa38caf56b52babac468617046f6e40718626bba66fd114432fc
- SHA512
  
  2ef19c2154aab17f0e16ae473d19d1014e8cf414d304cbc88357fe0e2e89c68bd00920fe024226808284308c0241be84bcb505a2a0d612b09ba6fbc5c6273f39
- SSDEEP
  
  3072:AO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:AgFtboVBJtNWyPnYG4fUbk
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence