dee5627b5e4aa2a4d6ab9ab07d28041fce2cbae835ded911608ccc6acf0ebc85 | Triage

Sharing

General

Target

dee5627b5e4aa2a4d6ab9ab07d28041fce2cbae835ded911608ccc6acf0ebc85
Size

204KB
Sample

241120-fcfgza1lg1
MD5

5866cbd8f155f9a52a5c06cfede3f26f
SHA1

89bc8ec013bdac6de4e81eb7e2b7233554b554cc
SHA256

dee5627b5e4aa2a4d6ab9ab07d28041fce2cbae835ded911608ccc6acf0ebc85
SHA512

420db1a5e94d5e0991c9dd96da79c6f613b52fa9d4791d05c2930d02b48a9b9957c9cee5cc411d26d7d9b35541d69a9648cb8c2e8273f7e4228e3d329a9f6050
SSDEEP

3072:9O/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:9gFtboVBJtNWyPnYG4fUbk

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  dee5627b5e4aa2a4d6ab9ab07d28041fce2cbae835ded911608ccc6acf0ebc85
- Size
  
  204KB
- MD5
  
  5866cbd8f155f9a52a5c06cfede3f26f
- SHA1
  
  89bc8ec013bdac6de4e81eb7e2b7233554b554cc
- SHA256
  
  dee5627b5e4aa2a4d6ab9ab07d28041fce2cbae835ded911608ccc6acf0ebc85
- SHA512
  
  420db1a5e94d5e0991c9dd96da79c6f613b52fa9d4791d05c2930d02b48a9b9957c9cee5cc411d26d7d9b35541d69a9648cb8c2e8273f7e4228e3d329a9f6050
- SSDEEP
  
  3072:9O/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:9gFtboVBJtNWyPnYG4fUbk
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence