ed056225871cdbb01d3c0481d4363d7ea261ec89f999d9399c049d665fda057a | Triage

Sharing

General

Target

ed056225871cdbb01d3c0481d4363d7ea261ec89f999d9399c049d665fda057a
Size

971KB
Sample

221002-y7ajbaagfr
MD5

72611f4dcf19f7acaaa94370ef1d459d
SHA1

dc951218427ed469d37a5b69663048a4a0980617
SHA256

ed056225871cdbb01d3c0481d4363d7ea261ec89f999d9399c049d665fda057a
SHA512

300a3129b3905416be43e0248c8d9ade8c63ddf8bc58d14fedecb30de70ac4e821b28d8762b7801baf4cb4f35c0bca4fd3ec9c03bb06c6fbb54a203209ebd62c
SSDEEP

12288:rjS3Yvyn/0TkLFU64gLF5LFjxIZhKp1NpLC:ru3Y54x4kXlIZha7LC

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ed056225871cdbb01d3c0481d4363d7ea261ec89f999d9399c049d665fda057a
- Size
  
  971KB
- MD5
  
  72611f4dcf19f7acaaa94370ef1d459d
- SHA1
  
  dc951218427ed469d37a5b69663048a4a0980617
- SHA256
  
  ed056225871cdbb01d3c0481d4363d7ea261ec89f999d9399c049d665fda057a
- SHA512
  
  300a3129b3905416be43e0248c8d9ade8c63ddf8bc58d14fedecb30de70ac4e821b28d8762b7801baf4cb4f35c0bca4fd3ec9c03bb06c6fbb54a203209ebd62c
- SSDEEP
  
  12288:rjS3Yvyn/0TkLFU64gLF5LFjxIZhKp1NpLC:ru3Y54x4kXlIZha7LC
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2