19be59c8115f37ce3beedc15a65d29d5c36e384663b84cdd93b1243a8d8328ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19be59c8115f37ce3beedc15a65d29d5c36e384663b84cdd93b1243a8d8328ffN
Size

392KB
Sample

241011-3s617avglk
MD5

a898ce490875ae0eb16a75d5a1b52370
SHA1

f03d7da4e3a2434734b5e592956a18419e3c730f
SHA256

19be59c8115f37ce3beedc15a65d29d5c36e384663b84cdd93b1243a8d8328ff
SHA512

38fc654ece5ee2679d5dcc54e96c1fa15c8f41683d01ce8a38e77a23f5f05c421b0eab35d177bd63c16f75a85c6ca881ee6297c6bac7ccb35b34d7e80c4b9290
SSDEEP

6144:OExz45gS77yQi8Dq+9fXphN2LfjEcYzaWqr57Q7Xwxc4SQjWvvfx:cgS7XDq+pcYWWqtfxvSQj2fx

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  19be59c8115f37ce3beedc15a65d29d5c36e384663b84cdd93b1243a8d8328ffN
- Size
  
  392KB
- MD5
  
  a898ce490875ae0eb16a75d5a1b52370
- SHA1
  
  f03d7da4e3a2434734b5e592956a18419e3c730f
- SHA256
  
  19be59c8115f37ce3beedc15a65d29d5c36e384663b84cdd93b1243a8d8328ff
- SHA512
  
  38fc654ece5ee2679d5dcc54e96c1fa15c8f41683d01ce8a38e77a23f5f05c421b0eab35d177bd63c16f75a85c6ca881ee6297c6bac7ccb35b34d7e80c4b9290
- SSDEEP
  
  6144:OExz45gS77yQi8Dq+9fXphN2LfjEcYzaWqr57Q7Xwxc4SQjWvvfx:cgS7XDq+pcYWWqtfxvSQj2fx
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence