General

  • Target

    7e48a2f2231593640d5659851dad095edf15e19c24dbe1e29297ddc52fcf8f2b

  • Size

    212KB

  • Sample

    221020-dt4j1sbhg4

  • MD5

    52aa68a076b089ea3570b00f1891e4a4

  • SHA1

    430e28c1452084e41954d3a7c3d2b3b9642df4bb

  • SHA256

    7e48a2f2231593640d5659851dad095edf15e19c24dbe1e29297ddc52fcf8f2b

  • SHA512

    676773c2b4a6228cfb1e056c969ef7a7f8ef7b214bc777912ddc85138b847d55c808cbcb7811ab72547f58dd141f6644e7f6b34282dbc0b592e1caaa151a36bb

  • SSDEEP

    3072:ZQExuz37QQK2PFuCNZ1z4FtP7qM98mORblMMIVBri4hDjKNhLf9TOaB4:VxuzthbZAOM98tp4vrLpGN1f9Oa2

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
