General

  • Target

    dd72267021d95fea28ad3faf622b5350554ec837f6fd0baa367733c49b2c1279

  • Size

    98KB

  • Sample

    201011-pcqkcp1sba

  • MD5

    0ee4f395dd071f169e95e34454bbf446

  • SHA1

    c492097baec0d9d5b3e903cd41915ab5e24a966f

  • SHA256

    dd72267021d95fea28ad3faf622b5350554ec837f6fd0baa367733c49b2c1279

  • SHA512

    ecf8de847a8d1eed4f41bf42c16436588f0ae0061e4a8aa859f714daed38d832979f7eed91bceec2e06b68077fb23a7cd7e47506b7db44039d8abefa827a9e08

Score
10/10

Targets

    • Modifies WinLogon for persistence

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

Winlogon Helper DLL

1
T1004

Defense Evasion

Modify Registry

1
T1112
