ad861f41bb4a31ee778bf60cecf0a7bdd9c0cc91d5cc17775d15199c214fbccf | Triage

Sharing

General

Target

OsLock.exe
Size

385KB
Sample

241122-k778paxrf1
MD5

675ea787630f596da0474830ffb49723
SHA1

c8e18cbc3cca1ded47eb5860a71b9f22d46409e1
SHA256

ad861f41bb4a31ee778bf60cecf0a7bdd9c0cc91d5cc17775d15199c214fbccf
SHA512

fa3c2c6edd3435bd16ec652c1738695cd1e8cdbd010b55fd856cefdbebd50552074d06e9b66860fae9c3a2f71ffe1076bb0227944b49286f05e1a3a4c871014d
SSDEEP

6144:Z1IE/9oydPc4IvjTZlyZsDDyr3rAUp48zUCpM69/KImQi/6ebkY:Z1vlc4IrTZlyGDc54

Score

10^/10

defense_evasion persistence

Malware Config

Targets

- Target
  
  OsLock.exe
- Size
  
  385KB
- MD5
  
  675ea787630f596da0474830ffb49723
- SHA1
  
  c8e18cbc3cca1ded47eb5860a71b9f22d46409e1
- SHA256
  
  ad861f41bb4a31ee778bf60cecf0a7bdd9c0cc91d5cc17775d15199c214fbccf
- SHA512
  
  fa3c2c6edd3435bd16ec652c1738695cd1e8cdbd010b55fd856cefdbebd50552074d06e9b66860fae9c3a2f71ffe1076bb0227944b49286f05e1a3a4c871014d
- SSDEEP
  
  6144:Z1IE/9oydPc4IvjTZlyZsDDyr3rAUp48zUCpM69/KImQi/6ebkY:Z1vlc4IrTZlyGDc54
Score

10^/10

defense_evasion persistence
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistence

behavioral2

defense_evasionpersistence