523bd5d85c8c03e69700934972c154678ee9a09113839c4243c3b3a597f3e2cd | Triage

Sharing

General

Target

523bd5d85c8c03e69700934972c154678ee9a09113839c4243c3b3a597f3e2cd
Size

109KB
Sample

221020-z1rppaehd3
MD5

a00b0e934ffc9b757ecdf209d941a5c0
SHA1

07ada1eb9d648d040a423d6ddea977a341f7f0a2
SHA256

523bd5d85c8c03e69700934972c154678ee9a09113839c4243c3b3a597f3e2cd
SHA512

dfc2d85a7d2073825a18eec14f8676a1166df235bc7d1c2bb52b7a4e43ae8e4d77344614b5e4180e146ea693315d189020ee05e90678bbcbdaf2988b497ddb67
SSDEEP

3072:JTbD29WtS209fvFGgCr+zHB7szvphZ5gQrwWwzdFxI+:BbaLBFGNvphZ5HZGdF

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  523bd5d85c8c03e69700934972c154678ee9a09113839c4243c3b3a597f3e2cd
- Size
  
  109KB
- MD5
  
  a00b0e934ffc9b757ecdf209d941a5c0
- SHA1
  
  07ada1eb9d648d040a423d6ddea977a341f7f0a2
- SHA256
  
  523bd5d85c8c03e69700934972c154678ee9a09113839c4243c3b3a597f3e2cd
- SHA512
  
  dfc2d85a7d2073825a18eec14f8676a1166df235bc7d1c2bb52b7a4e43ae8e4d77344614b5e4180e146ea693315d189020ee05e90678bbcbdaf2988b497ddb67
- SSDEEP
  
  3072:JTbD29WtS209fvFGgCr+zHB7szvphZ5gQrwWwzdFxI+:BbaLBFGNvphZ5HZGdF
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2