b8ed05d65b6c38c3c8516a020a758266cf37fbe499a475b6ae5ff9e1b6c677c7 | Triage

Sharing

General

Target

b8ed05d65b6c38c3c8516a020a758266cf37fbe499a475b6ae5ff9e1b6c677c7.exe
Size

348KB
Sample

241119-nwghdazrbk
MD5

f20cb3e2b8a87144b6d3e21c9cf255fd
SHA1

6f85f2adeac9eb8e6dd55bf7a25a3c7cbe5baa89
SHA256

b8ed05d65b6c38c3c8516a020a758266cf37fbe499a475b6ae5ff9e1b6c677c7
SHA512

fa6ea0228b8a2ae02ef731decfa1df286d88d3062b98f8daeb483bf5214acb52e79375fc84389febdd4e8827cfed7d718b22fee1547fa026136157aebfe9c945
SSDEEP

6144:n45rA5wSkJY8R/kpM3kRaWV/wEsNbqw8QlRTFiPurp+EStS3sthe:hwSkB/kBubqw8vm+EKS3se

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  b8ed05d65b6c38c3c8516a020a758266cf37fbe499a475b6ae5ff9e1b6c677c7.exe
- Size
  
  348KB
- MD5
  
  f20cb3e2b8a87144b6d3e21c9cf255fd
- SHA1
  
  6f85f2adeac9eb8e6dd55bf7a25a3c7cbe5baa89
- SHA256
  
  b8ed05d65b6c38c3c8516a020a758266cf37fbe499a475b6ae5ff9e1b6c677c7
- SHA512
  
  fa6ea0228b8a2ae02ef731decfa1df286d88d3062b98f8daeb483bf5214acb52e79375fc84389febdd4e8827cfed7d718b22fee1547fa026136157aebfe9c945
- SSDEEP
  
  6144:n45rA5wSkJY8R/kpM3kRaWV/wEsNbqw8QlRTFiPurp+EStS3sthe:hwSkB/kBubqw8vm+EKS3se
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence