44a19b000695b25bf74a0d1a627960e390411d8f48d17634299fb718ac24334a | Triage

Sharing

General

Target

44a19b000695b25bf74a0d1a627960e390411d8f48d17634299fb718ac24334a
Size

887KB
Sample

221002-y7zs7saghr
MD5

6c5e2996e2241d84f6b4b423190dcc9a
SHA1

f5ab483cd9f743a368ae12c1b2d4d669ac6263fb
SHA256

44a19b000695b25bf74a0d1a627960e390411d8f48d17634299fb718ac24334a
SHA512

297b37414b6c3fca77c8209cfb285d364078bc4c1f98f5779c72379ee0c5ec2cf3f6f501d787d72145464ef3917744229bc41eb210252ab2e732c8d2a4bfd9c0
SSDEEP

12288:rjS3Yvyn/0TvhifHW8NUnVuCjNHtJsqb6y0q5LD:ru3Y578NUnV9jNHf1Wm

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  44a19b000695b25bf74a0d1a627960e390411d8f48d17634299fb718ac24334a
- Size
  
  887KB
- MD5
  
  6c5e2996e2241d84f6b4b423190dcc9a
- SHA1
  
  f5ab483cd9f743a368ae12c1b2d4d669ac6263fb
- SHA256
  
  44a19b000695b25bf74a0d1a627960e390411d8f48d17634299fb718ac24334a
- SHA512
  
  297b37414b6c3fca77c8209cfb285d364078bc4c1f98f5779c72379ee0c5ec2cf3f6f501d787d72145464ef3917744229bc41eb210252ab2e732c8d2a4bfd9c0
- SSDEEP
  
  12288:rjS3Yvyn/0TvhifHW8NUnVuCjNHtJsqb6y0q5LD:ru3Y578NUnV9jNHf1Wm
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2