913d542d6db75fd841964c14b36eada8e3d9842b93dd9e6019bc48aa61d3ca3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

913d542d6db75fd841964c14b36eada8e3d9842b93dd9e6019bc48aa61d3ca3b
Size

912KB
Sample

221002-fpnzwahfh2
MD5

5069ad0484679f889fd3d7788072e380
SHA1

35d0d2bf345e96bf248d39b25745fcc6796d8991
SHA256

913d542d6db75fd841964c14b36eada8e3d9842b93dd9e6019bc48aa61d3ca3b
SHA512

f212513e005131111183fed5db102c801699c47662f9543a30090e1575e795c67f211fb4b5fad52f7af3e59891dde56702ff6871b708d9a7ccbe56343f67ec33
SSDEEP

12288:HXZKu9TygrJ9YQ1DNIZmzIbwUB/7sTc5HBX+SETc5HBX+Sb:HXZJRimzIbwu/QTcfTETcfTb

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  913d542d6db75fd841964c14b36eada8e3d9842b93dd9e6019bc48aa61d3ca3b
- Size
  
  912KB
- MD5
  
  5069ad0484679f889fd3d7788072e380
- SHA1
  
  35d0d2bf345e96bf248d39b25745fcc6796d8991
- SHA256
  
  913d542d6db75fd841964c14b36eada8e3d9842b93dd9e6019bc48aa61d3ca3b
- SHA512
  
  f212513e005131111183fed5db102c801699c47662f9543a30090e1575e795c67f211fb4b5fad52f7af3e59891dde56702ff6871b708d9a7ccbe56343f67ec33
- SSDEEP
  
  12288:HXZKu9TygrJ9YQ1DNIZmzIbwUB/7sTc5HBX+SETc5HBX+Sb:HXZJRimzIbwu/QTcfTETcfTb
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2