0950663ad0e7a2498cd96444cf37f8fe4c3646fc0056b6abd25d0ccd1a781d04 | Triage

Sharing

General

Target

0950663ad0e7a2498cd96444cf37f8fe4c3646fc0056b6abd25d0ccd1a781d04
Size

204KB
Sample

241119-x297ba1fpk
MD5

67aaef7927e3eee14ad886752c81976b
SHA1

94556579509742e1be30dc8d1a0c26eb78790233
SHA256

0950663ad0e7a2498cd96444cf37f8fe4c3646fc0056b6abd25d0ccd1a781d04
SHA512

0befc2d61492850e9e8232bcab27cf7988437d1f5b88367b8b015cefde84cbdd1ce100223571181d29d987ce4103a48e208085ec2fdf921fc0ab1bcd2aa8dc92
SSDEEP

3072:mO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:mgFtboVBJtNWyPnYG4fUbk

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  0950663ad0e7a2498cd96444cf37f8fe4c3646fc0056b6abd25d0ccd1a781d04
- Size
  
  204KB
- MD5
  
  67aaef7927e3eee14ad886752c81976b
- SHA1
  
  94556579509742e1be30dc8d1a0c26eb78790233
- SHA256
  
  0950663ad0e7a2498cd96444cf37f8fe4c3646fc0056b6abd25d0ccd1a781d04
- SHA512
  
  0befc2d61492850e9e8232bcab27cf7988437d1f5b88367b8b015cefde84cbdd1ce100223571181d29d987ce4103a48e208085ec2fdf921fc0ab1bcd2aa8dc92
- SSDEEP
  
  3072:mO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:mgFtboVBJtNWyPnYG4fUbk
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence