General

  • Target

    SecuriteInfo.com.Trojan.Inject4.43325.7583.18575.exe

  • Size

    6.5MB

  • Sample

    220925-hzc2gafabr

  • MD5

    35309a7f136e2c60ac74e53d0963a1e1

  • SHA1

    5cd75a85d5a8d9d86403527289bce54982a22dc1

  • SHA256

    e0418fa6c397e401b1cfdbb5202296c45ea77100ae6f9c7e5868cc3393a854ec

  • SHA512

    2624832b89cc792aab6b7f8366fd5afc5cf79aa5c3cdc20e45fd547b1d3d9a65ba057505f06ebf62b9dc6f71f104e152131b20c8cdcd6c5cd47b5c0c57b1a0ff

  • SSDEEP

    196608:Pv5UAWrtJP706QWu8Cx6TTryUAv9Z0HfkN:n5hWrtl706Q/IH1Av9yHf

Score
10/10

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.Inject4.43325.7583.18575.exe

    Score
    10/10
    • Modifies Winlogon for persistence

      Writes to the Winlogon registry configuration, the mechanism ATT&CK tracks as Winlogon Helper DLL (T1004 in v6).

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample can skip or change behaviour by region.

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and other thread-hijacking injection techniques.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      ID      Count
  Persistence       Winlogon Helper DLL            T1004   1
  Defense Evasion   Modify Registry                T1112   1
  Discovery         Query Registry                 T1012   1
  Discovery         System Information Discovery   T1082   2

  Note: T1004 is an ATT&CK v6 identifier. In current ATT&CK versions the same technique is the sub-technique T1547.004 (Boot or Logon Autostart Execution: Winlogon Helper DLL); map it accordingly when importing these results into a newer Navigator layer.
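The following is an added example, not code from the sandbox, the report, or the sample: a small detector for the "Modifies Winlogon for persistence" behaviour above (T1004 / T1112 in the matrix). It parses Sysmon Event ID 13 (RegistryEvent: value set) records and flags writes to the Winlogon Shell, Userinit and Notify values whose new data deviates from the stock Windows defaults. The records are constructed here as flattened key=value lines (assumption: a log pipeline has already flattened the event XML); the field names Image, TargetObject and Details are the real Sysmon ones, the file names and SIDs are made up.

```python
"""Flag Winlogon persistence writes in Sysmon Event ID 13 records.

Added example for the Winlogon persistence finding in the report above.
Not the sandbox's or the sample's code; input events are constructed.
"""
import re
from typing import Dict, List, Optional

# Key path shared by HKLM\SOFTWARE\... and the per-user HKU\<SID>\Software\... copy.
WINLOGON = r"\software\microsoft\windows nt\currentversion\winlogon"

# Stock Windows 10/11 data for the values malware most often hijacks.
# Assumption: the fleet has not customised these; adjust to your baseline.
EXPECTED = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}

# Constructed Sysmon 13 records (not taken from the report).
SAMPLE_EVENTS = [
    # benign: a Windows component rewriting the stock value
    r"EventID=13 Image=C:\Windows\System32\svchost.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Details=explorer.exe",
    # malicious: Shell hijack, extra program appended after explorer.exe
    r"EventID=13 Image=C:\Users\bob\AppData\Local\Temp\sample.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Details=explorer.exe,C:\Users\bob\AppData\Roaming\upd.exe",
    # malicious: per-user Userinit override under the HKU hive
    r"EventID=13 Image=C:\Users\bob\AppData\Local\Temp\sample.exe TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit Details=C:\Users\bob\AppData\Roaming\upd.exe",
    # malicious: a Notify package registered (the helper DLL T1004 is named after)
    r"EventID=13 Image=C:\Users\bob\AppData\Local\Temp\sample.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\upd\DLLName Details=C:\Users\bob\AppData\Roaming\upd.dll",
    # unrelated registry write (Run key): must not fire here
    r"EventID=13 Image=C:\Users\bob\AppData\Local\Temp\sample.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd Details=C:\Users\bob\AppData\Roaming\upd.exe",
]

# key=value pairs whose values may contain spaces; a value ends where the next " key=" starts.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one flattened Sysmon record into a field dictionary."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def check_winlogon_write(event: Dict[str, str]) -> Optional[str]:
    """Return a finding if the record is a Winlogon persistence write, else None."""
    if event.get("EventID") != "13":
        return None
    target = event.get("TargetObject", "")
    low = target.lower()
    idx = low.find(WINLOGON)
    if idx < 0:
        return None
    # What follows "...\Winlogon\" is either a value name or Notify\<package>\<value>.
    rest = low[idx + len(WINLOGON):].lstrip("\\")
    data = event.get("Details", "")
    image = event.get("Image", "")
    if rest.startswith("notify\\"):
        # Notify packages have no legitimate use on Vista and later.
        return f"Winlogon Notify package registered by {image}: {target} = {data}"
    if rest in EXPECTED:
        if data.strip().lower() == EXPECTED[rest]:
            return None  # rewriting the stock value is not persistence
        return f"Winlogon {rest} hijacked by {image}: {data}"
    return None


def scan(lines: List[str]) -> List[str]:
    """Run the check over a batch of records and collect the findings."""
    findings = []
    for line in lines:
        finding = check_winlogon_write(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)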

Tasks