ef6da94e32ba47cc96b59f26184f1b812868241fd1bdb6ba351ada0ff8c474f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef6da94e32ba47cc96b59f26184f1b812868241fd1bdb6ba351ada0ff8c474f7
Size

805KB
Sample

221003-yrllmsdea6
MD5

6bf2d216b94f8a20570304926d5c2ad4
SHA1

9b029e9f0f269585cd3bc6df6706c7c3f1240fb4
SHA256

ef6da94e32ba47cc96b59f26184f1b812868241fd1bdb6ba351ada0ff8c474f7
SHA512

f82943bd8124419c56e57d7785906a4a08e72a773546a2c2c176d3c3484ddb8ebfbe34f04d49e1cf1a3385120b90e00a791444c2d93c3687cebf8dd9486f50a9
SSDEEP

12288:rj9l69ZU++3jUOIcr1MFNXJKsg1VlTc5HBX+SSaXiANrT:rDsOIcrMXosg1VlTcfTSayErT

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  ef6da94e32ba47cc96b59f26184f1b812868241fd1bdb6ba351ada0ff8c474f7
- Size
  
  805KB
- MD5
  
  6bf2d216b94f8a20570304926d5c2ad4
- SHA1
  
  9b029e9f0f269585cd3bc6df6706c7c3f1240fb4
- SHA256
  
  ef6da94e32ba47cc96b59f26184f1b812868241fd1bdb6ba351ada0ff8c474f7
- SHA512
  
  f82943bd8124419c56e57d7785906a4a08e72a773546a2c2c176d3c3484ddb8ebfbe34f04d49e1cf1a3385120b90e00a791444c2d93c3687cebf8dd9486f50a9
- SSDEEP
  
  12288:rj9l69ZU++3jUOIcr1MFNXJKsg1VlTc5HBX+SSaXiANrT:rDsOIcrMXosg1VlTcfTSayErT
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2