cf2672ad61fb2ddd3097ab05e3287b7b38507d8770dcc459af176080f91315f6 | Triage

Sharing

General

Target

cf2672ad61fb2ddd3097ab05e3287b7b38507d8770dcc459af176080f91315f6
Size

78KB
Sample

220919-ydsg2aabfm
MD5

b02a42a3dc16c2f7e971107c7aec01c3
SHA1

a12b83983647fb0ed5fb1303f7ff8cd5ded1e699
SHA256

cf2672ad61fb2ddd3097ab05e3287b7b38507d8770dcc459af176080f91315f6
SHA512

a840d0e51924ebceaf9411a1d519997cb7e1a8fb18d257fcd18202839d440adbc705a49b2c15af9004420d062ed794baf3c3f22a64c5271978971280335fc7ec
SSDEEP

1536:GN9KsMdRp+yAqR4ssWWLN/fcBLjD0IIR05LGBD1hvVL3bBKmo3STBs7:oKf3p+yAqRdy/fQwIhLGBDrvdbBVo3sa

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  cf2672ad61fb2ddd3097ab05e3287b7b38507d8770dcc459af176080f91315f6
- Size
  
  78KB
- MD5
  
  b02a42a3dc16c2f7e971107c7aec01c3
- SHA1
  
  a12b83983647fb0ed5fb1303f7ff8cd5ded1e699
- SHA256
  
  cf2672ad61fb2ddd3097ab05e3287b7b38507d8770dcc459af176080f91315f6
- SHA512
  
  a840d0e51924ebceaf9411a1d519997cb7e1a8fb18d257fcd18202839d440adbc705a49b2c15af9004420d062ed794baf3c3f22a64c5271978971280335fc7ec
- SSDEEP
  
  1536:GN9KsMdRp+yAqR4ssWWLN/fcBLjD0IIR05LGBD1hvVL3bBKmo3STBs7:oKf3p+yAqRdy/fQwIhLGBDrvdbBVo3sa
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2