69904793bd64c78325ea3568c01937266f4219e039bb7946d7132bfaf4afac5f | Triage

Sharing

General

Target

69904793bd64c78325ea3568c01937266f4219e039bb7946d7132bfaf4afac5fN.exe
Size

556KB
Sample

241120-xtltrascqn
MD5

9fefe35d65820c2497e69ee0b90476e0
SHA1

f947a9823278e5994eba680d9395f733158d4300
SHA256

69904793bd64c78325ea3568c01937266f4219e039bb7946d7132bfaf4afac5f
SHA512

edcd65be296d1b033889c35d01e36f9cd51264e50016d0e96e61fa7ace500577aeca4c63a4fe2d551539670a527eb937ca28d55782694b9af0903b0e67a8c0a6
SSDEEP

12288:51bHV9kkPX5kAaA2od1sx/9o1BykhXAXxpsVZi0Ee/Y7lspVPgFSHSuxHE:51b1NX5kAaQd1s/oykihpsVcRe/GIVEb

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  69904793bd64c78325ea3568c01937266f4219e039bb7946d7132bfaf4afac5fN.exe
- Size
  
  556KB
- MD5
  
  9fefe35d65820c2497e69ee0b90476e0
- SHA1
  
  f947a9823278e5994eba680d9395f733158d4300
- SHA256
  
  69904793bd64c78325ea3568c01937266f4219e039bb7946d7132bfaf4afac5f
- SHA512
  
  edcd65be296d1b033889c35d01e36f9cd51264e50016d0e96e61fa7ace500577aeca4c63a4fe2d551539670a527eb937ca28d55782694b9af0903b0e67a8c0a6
- SSDEEP
  
  12288:51bHV9kkPX5kAaA2od1sx/9o1BykhXAXxpsVZi0Ee/Y7lspVPgFSHSuxHE:51b1NX5kAaQd1s/oykihpsVcRe/GIVEb
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence