24f234bdcd251a6a1b67eb893a24673119b7974050ee5fb705ecede4be315b92 | Triage

Sharing

General

Target

24f234bdcd251a6a1b67eb893a24673119b7974050ee5fb705ecede4be315b92
Size

2.2MB
Sample

220919-nnyfxsegh2
MD5

d9e39c24bfe27325ac6880dac794f584
SHA1

21f53606ddc8b2e576c27c318fe2b6e1a1de6ae5
SHA256

24f234bdcd251a6a1b67eb893a24673119b7974050ee5fb705ecede4be315b92
SHA512

6b9d696d6dde4812e2530dfe62d3bb63b72705c8380891670300a1f36630e1f1cbf986b2571d2a3a99c049d575e8819466898414f38f5947a0ffef91115cd5c9
SSDEEP

49152:yYEuESye17TR/mDsf2sa6Ppj4Hp1bhGuz2l0EsqTkQMZD8ZUMfo7d0:yYymc4DPp4HXhfq6EsqQ5wBo7d

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  24f234bdcd251a6a1b67eb893a24673119b7974050ee5fb705ecede4be315b92
- Size
  
  2.2MB
- MD5
  
  d9e39c24bfe27325ac6880dac794f584
- SHA1
  
  21f53606ddc8b2e576c27c318fe2b6e1a1de6ae5
- SHA256
  
  24f234bdcd251a6a1b67eb893a24673119b7974050ee5fb705ecede4be315b92
- SHA512
  
  6b9d696d6dde4812e2530dfe62d3bb63b72705c8380891670300a1f36630e1f1cbf986b2571d2a3a99c049d575e8819466898414f38f5947a0ffef91115cd5c9
- SSDEEP
  
  49152:yYEuESye17TR/mDsf2sa6Ppj4Hp1bhGuz2l0EsqTkQMZD8ZUMfo7d0:yYymc4DPp4HXhfq6EsqQ5wBo7d
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2