cafa3a9f6e1d227791542ae76b2a47242d5b0b62e9d26965a8a46cc9e60c055e | Triage

Sharing

General

Target

cafa3a9f6e1d227791542ae76b2a47242d5b0b62e9d26965a8a46cc9e60c055e.exe
Size

240KB
Sample

241122-xjempaskfp
MD5

5a547ec7ca82bdacf788e603f99af09b
SHA1

615dc3fdcd52a3c60d8e59fb4e0fc81f5cb2436f
SHA256

cafa3a9f6e1d227791542ae76b2a47242d5b0b62e9d26965a8a46cc9e60c055e
SHA512

b51234b2d47181debff9c569fc24e88661c2b15bf1359be5b135b75e3b99ee2c55d2b64639ddb4f01faa880caee3b867e599a255b9294866ad59e6647f23c084
SSDEEP

6144:5uOYYecObhLvkiL2XOdldJNifl4wwXCAjVrUEzvbeTIu//Y:cK1y9hrTiN4nBRrUS6Tf/w

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  cafa3a9f6e1d227791542ae76b2a47242d5b0b62e9d26965a8a46cc9e60c055e.exe
- Size
  
  240KB
- MD5
  
  5a547ec7ca82bdacf788e603f99af09b
- SHA1
  
  615dc3fdcd52a3c60d8e59fb4e0fc81f5cb2436f
- SHA256
  
  cafa3a9f6e1d227791542ae76b2a47242d5b0b62e9d26965a8a46cc9e60c055e
- SHA512
  
  b51234b2d47181debff9c569fc24e88661c2b15bf1359be5b135b75e3b99ee2c55d2b64639ddb4f01faa880caee3b867e599a255b9294866ad59e6647f23c084
- SSDEEP
  
  6144:5uOYYecObhLvkiL2XOdldJNifl4wwXCAjVrUEzvbeTIu//Y:cK1y9hrTiN4nBRrUS6Tf/w
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence