c86dcecc1d522a1e21dabe1af216042e78a8e40efa0031befc607252ec0a2ea4 | Triage

Sharing

General

Target

c86dcecc1d522a1e21dabe1af216042e78a8e40efa0031befc607252ec0a2ea4N
Size

125KB
Sample

241006-h26fsszajg
MD5

f1ee26f125dd878d7fb15dffe12345d0
SHA1

c7c97922348cc822b6ba389e4d85acb011ef60d0
SHA256

c86dcecc1d522a1e21dabe1af216042e78a8e40efa0031befc607252ec0a2ea4
SHA512

8e7c793e6b96723b89cb83f520378439442bc09140d873e663145db5921345f92357c8485f9ae2e24ca065cf9a5140d6aa69ff871fa1a802b37026fbb839bedd
SSDEEP

1536:jHFd9oTYmZcOmuC7YM6sbrwHlOzw1fLaFJurvO:xEsm+OmPYM6sHwHl2w1GFJurvO

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  c86dcecc1d522a1e21dabe1af216042e78a8e40efa0031befc607252ec0a2ea4N
- Size
  
  125KB
- MD5
  
  f1ee26f125dd878d7fb15dffe12345d0
- SHA1
  
  c7c97922348cc822b6ba389e4d85acb011ef60d0
- SHA256
  
  c86dcecc1d522a1e21dabe1af216042e78a8e40efa0031befc607252ec0a2ea4
- SHA512
  
  8e7c793e6b96723b89cb83f520378439442bc09140d873e663145db5921345f92357c8485f9ae2e24ca065cf9a5140d6aa69ff871fa1a802b37026fbb839bedd
- SSDEEP
  
  1536:jHFd9oTYmZcOmuC7YM6sbrwHlOzw1fLaFJurvO:xEsm+OmPYM6sHwHl2w1GFJurvO
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2