64735a1cf92f339d71e9753cd89960377a6703eede35d5e5a146435b640ae389 | Triage

Sharing

General

Target

64735a1cf92f339d71e9753cd89960377a6703eede35d5e5a146435b640ae389
Size

30KB
Sample

221021-dbhjtshce5
MD5

72fc2816c0706df8b4cf6d6527705400
SHA1

94bc7e140d064d679ddbeafc9fc1b07243fa2731
SHA256

64735a1cf92f339d71e9753cd89960377a6703eede35d5e5a146435b640ae389
SHA512

74704dc890cca37dcbf60057a4370c3590131f36117cab92c51ad95e8dec193f6f9bb102584be63b1506c8e5328eb1075f930dd845d2c8a9a88f9b324fadb9d6
SSDEEP

768:bLt9cVrFuxrzrldoAk26gGue3wU+H8ZCD:bJcRyrldpx3Gu2SH8ZCD

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  64735a1cf92f339d71e9753cd89960377a6703eede35d5e5a146435b640ae389
- Size
  
  30KB
- MD5
  
  72fc2816c0706df8b4cf6d6527705400
- SHA1
  
  94bc7e140d064d679ddbeafc9fc1b07243fa2731
- SHA256
  
  64735a1cf92f339d71e9753cd89960377a6703eede35d5e5a146435b640ae389
- SHA512
  
  74704dc890cca37dcbf60057a4370c3590131f36117cab92c51ad95e8dec193f6f9bb102584be63b1506c8e5328eb1075f930dd845d2c8a9a88f9b324fadb9d6
- SSDEEP
  
  768:bLt9cVrFuxrzrldoAk26gGue3wU+H8ZCD:bJcRyrldpx3Gu2SH8ZCD
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2