1e499f4181cdd44d44fef3a5096af26d79ed3183a10b88a40fca4a274ae7fcf1 | Triage

Sharing

General

Target

1e499f4181cdd44d44fef3a5096af26d79ed3183a10b88a40fca4a274ae7fcf1
Size

573KB
Sample

221003-hmfa3acae2
MD5

6a7fb43bc8f8f3930ba7a4540d6c16e0
SHA1

390f62373e50c1e7848a79cf87b9c292fc46e476
SHA256

1e499f4181cdd44d44fef3a5096af26d79ed3183a10b88a40fca4a274ae7fcf1
SHA512

20f6b60cafc87c4621839448d27847179a0d979be81651da84824ddc8af0c6775f68adeebb0cc882ef635303f1e801af6fc0ab1573d1516cc1009ff433c26ffa
SSDEEP

12288:bChzggPQoSk3qRlra/kb1CRnTP1Vs3kkG6FD:+hzgn/BcUCdPf0kkG6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1e499f4181cdd44d44fef3a5096af26d79ed3183a10b88a40fca4a274ae7fcf1
- Size
  
  573KB
- MD5
  
  6a7fb43bc8f8f3930ba7a4540d6c16e0
- SHA1
  
  390f62373e50c1e7848a79cf87b9c292fc46e476
- SHA256
  
  1e499f4181cdd44d44fef3a5096af26d79ed3183a10b88a40fca4a274ae7fcf1
- SHA512
  
  20f6b60cafc87c4621839448d27847179a0d979be81651da84824ddc8af0c6775f68adeebb0cc882ef635303f1e801af6fc0ab1573d1516cc1009ff433c26ffa
- SSDEEP
  
  12288:bChzggPQoSk3qRlra/kb1CRnTP1Vs3kkG6FD:+hzgn/BcUCdPf0kkG6
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence