794adfe27d453913e998004c928272f256bd2267a519e083da86e2fcebb8c1e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

794adfe27d453913e998004c928272f256bd2267a519e083da86e2fcebb8c1e6
Size

869KB
Sample

221002-y7r4cshea2
MD5

66156586ec84babbdbd7621960d663ed
SHA1

da357945720084bee3be7f0941c03538a25938bf
SHA256

794adfe27d453913e998004c928272f256bd2267a519e083da86e2fcebb8c1e6
SHA512

4c29cef6a870265b95f31775df58a644380b1b01d1e366c6b9a53a1e40f654faf11cbc85f4c9715bc1a93eee06193bf850fc4e461f1bce9fbb013fcb3dbd31d7
SSDEEP

6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSjyEN2ERBOzlgV6ub/OBRRehLgNuOPeHNEbK:rjS3Yvyn/0TvgVbGRettEbqrJftVb

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  794adfe27d453913e998004c928272f256bd2267a519e083da86e2fcebb8c1e6
- Size
  
  869KB
- MD5
  
  66156586ec84babbdbd7621960d663ed
- SHA1
  
  da357945720084bee3be7f0941c03538a25938bf
- SHA256
  
  794adfe27d453913e998004c928272f256bd2267a519e083da86e2fcebb8c1e6
- SHA512
  
  4c29cef6a870265b95f31775df58a644380b1b01d1e366c6b9a53a1e40f654faf11cbc85f4c9715bc1a93eee06193bf850fc4e461f1bce9fbb013fcb3dbd31d7
- SSDEEP
  
  6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSjyEN2ERBOzlgV6ub/OBRRehLgNuOPeHNEbK:rjS3Yvyn/0TvgVbGRettEbqrJftVb
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2