99ffba5a4a3c287022b7e3ce208ee4e6b66e615f10a7077fb2d4c909e2570b18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99ffba5a4a3c287022b7e3ce208ee4e6b66e615f10a7077fb2d4c909e2570b18N
Size

348KB
Sample

241004-nk6m5a1fkj
MD5

9634ac4cd26a089ba4347ba8c04df6f0
SHA1

ddcb2a2521d098141f9b5a08a2fd03c4f2eb6ab2
SHA256

99ffba5a4a3c287022b7e3ce208ee4e6b66e615f10a7077fb2d4c909e2570b18
SHA512

461d16b0586d348cf6592327b02e538a0bab5a26182d7a585bce6bf0cdcc2d0bffc0a19e24e80efc1879e0fed2f98ca5f2cfb94e06df11eb4486baad27d13be6
SSDEEP

6144:Y45rA5wSkJY8R/kpM3kRaWV/wEsNbqw8QlRTFiPurp+EStS3sth:GwSkB/kBubqw8vm+EKS3s

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  99ffba5a4a3c287022b7e3ce208ee4e6b66e615f10a7077fb2d4c909e2570b18N
- Size
  
  348KB
- MD5
  
  9634ac4cd26a089ba4347ba8c04df6f0
- SHA1
  
  ddcb2a2521d098141f9b5a08a2fd03c4f2eb6ab2
- SHA256
  
  99ffba5a4a3c287022b7e3ce208ee4e6b66e615f10a7077fb2d4c909e2570b18
- SHA512
  
  461d16b0586d348cf6592327b02e538a0bab5a26182d7a585bce6bf0cdcc2d0bffc0a19e24e80efc1879e0fed2f98ca5f2cfb94e06df11eb4486baad27d13be6
- SSDEEP
  
  6144:Y45rA5wSkJY8R/kpM3kRaWV/wEsNbqw8QlRTFiPurp+EStS3sth:GwSkB/kBubqw8vm+EKS3s
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence