a1759473d43b5ab0f89469debef7ed20483a186a6caf791f17d2afeccd782b05 | Triage

Sharing

General

Target

a1759473d43b5ab0f89469debef7ed20483a186a6caf791f17d2afeccd782b05
Size

903KB
Sample

221001-wsm5rahhb9
MD5

7ae0d2711b6fb7c260b9f0d9cc7b017d
SHA1

1479735529dd7c5f601b4af1ab2ca987af583d43
SHA256

a1759473d43b5ab0f89469debef7ed20483a186a6caf791f17d2afeccd782b05
SHA512

3a650ea44c7857f1a079cb45cd375221b1371633b95cf146ecf5ead966b20fb2dc9f844719958ac058acbad840392e1c6e426581f2988a9f2b997cbab7a572ba
SSDEEP

6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSj9ltfgIg+oaeRB0g86XRB0g86j0q5Lm17zw:rjS3Yvyn/0TkLFesgHsgT0q5Lou

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a1759473d43b5ab0f89469debef7ed20483a186a6caf791f17d2afeccd782b05
- Size
  
  903KB
- MD5
  
  7ae0d2711b6fb7c260b9f0d9cc7b017d
- SHA1
  
  1479735529dd7c5f601b4af1ab2ca987af583d43
- SHA256
  
  a1759473d43b5ab0f89469debef7ed20483a186a6caf791f17d2afeccd782b05
- SHA512
  
  3a650ea44c7857f1a079cb45cd375221b1371633b95cf146ecf5ead966b20fb2dc9f844719958ac058acbad840392e1c6e426581f2988a9f2b997cbab7a572ba
- SSDEEP
  
  6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSj9ltfgIg+oaeRB0g86XRB0g86j0q5Lm17zw:rjS3Yvyn/0TkLFesgHsgT0q5Lou
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2