73e917e0c7de683250bafa1501d72669799695424a020f9a4fd01e7734a62424 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73e917e0c7de683250bafa1501d72669799695424a020f9a4fd01e7734a62424
Size

77KB
Sample

220919-ydn5lseec3
MD5

b9f344ed34764031c4f0c474f5ee28b4
SHA1

f39140bb9e06990d4e8ed0adbf1b9ffb289debba
SHA256

73e917e0c7de683250bafa1501d72669799695424a020f9a4fd01e7734a62424
SHA512

c7da3a1067b3b2423e698665508f247f231c829f63ce1c4656bc5ef1d5e2b3da3e0b27f215865f0953fb75a85e82484f1076c507ffca6c984babd77c97a1d2e9
SSDEEP

1536:lXDPuD+yARaNoOdnBS42N5/D42hFmmdXtv7vBobWdbBPmYD+T4:NDPuD+yAR4eDL4/mdXt7bBuYDL

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  73e917e0c7de683250bafa1501d72669799695424a020f9a4fd01e7734a62424
- Size
  
  77KB
- MD5
  
  b9f344ed34764031c4f0c474f5ee28b4
- SHA1
  
  f39140bb9e06990d4e8ed0adbf1b9ffb289debba
- SHA256
  
  73e917e0c7de683250bafa1501d72669799695424a020f9a4fd01e7734a62424
- SHA512
  
  c7da3a1067b3b2423e698665508f247f231c829f63ce1c4656bc5ef1d5e2b3da3e0b27f215865f0953fb75a85e82484f1076c507ffca6c984babd77c97a1d2e9
- SSDEEP
  
  1536:lXDPuD+yARaNoOdnBS42N5/D42hFmmdXtv7vBobWdbBPmYD+T4:NDPuD+yAR4eDL4/mdXt7bBuYDL
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2