General

  • Target

    d1bf7ec60bcb74dd395f92a1ddb5a2a66e9913514e0f7428681e9a8d7fe25b1e

  • Size

    87KB

  • Sample

    210314-fm2gjdd176

  • MD5

    8944bc22235936b73bdf874bfa4d1a64

  • SHA1

    6f48fb18ffd6497fbdc951b4d96340e878921d91

  • SHA256

    d1bf7ec60bcb74dd395f92a1ddb5a2a66e9913514e0f7428681e9a8d7fe25b1e

  • SHA512

    e3d637bdb3d5c4fda8a34eb3f47bdee837c514c5481067cf8c20a523430ca2b5bcd8ea20c5c79d7ea3c627b214cf89dc59c96c6d1a3983f6c77a489c489de9c2

Score
10/10

Malware Config

Targets

    • Target

      d1bf7ec60bcb74dd395f92a1ddb5a2a66e9913514e0f7428681e9a8d7fe25b1e

    • Size

      87KB

    • MD5

      8944bc22235936b73bdf874bfa4d1a64

    • SHA1

      6f48fb18ffd6497fbdc951b4d96340e878921d91

    • SHA256

      d1bf7ec60bcb74dd395f92a1ddb5a2a66e9913514e0f7428681e9a8d7fe25b1e

    • SHA512

      e3d637bdb3d5c4fda8a34eb3f47bdee837c514c5481067cf8c20a523430ca2b5bcd8ea20c5c79d7ea3c627b214cf89dc59c96c6d1a3983f6c77a489c489de9c2

    Score
    10/10
    • Modifies WinLogon for persistence

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Winlogon Helper DLL

1
T1004

Defense Evasion

Modify Registry

1
T1112

Tasks