b33e6cef29dcf3e278c2a368fa4fd6504e053c956bd4fa19de7551b0495dd662 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b33e6cef29dcf3e278c2a368fa4fd6504e053c956bd4fa19de7551b0495dd662
Size

43KB
Sample

221030-fzpddseffr
MD5

84741f682497a91e38055e7537ceb4c0
SHA1

072a3a1d01c55723af714291a9f8b1fc21d98415
SHA256

b33e6cef29dcf3e278c2a368fa4fd6504e053c956bd4fa19de7551b0495dd662
SHA512

34801f3f556ae4aa9f3629c4fc355fed1cb6064e19e5881abe41dcdbad23f8f3ad26661d46296e2b40bbe27f54e229c08b81cbd64340ba9b7230d3e20fc1cc01
SSDEEP

768:ePFR/xxMnX1CZgv1w1E1S87jh/1tB67VpWCzZZmVtfloCrz++VyTihwKY:eDnMnX1CZgv1w1E1S87jXtApWUOtfSCq

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b33e6cef29dcf3e278c2a368fa4fd6504e053c956bd4fa19de7551b0495dd662
- Size
  
  43KB
- MD5
  
  84741f682497a91e38055e7537ceb4c0
- SHA1
  
  072a3a1d01c55723af714291a9f8b1fc21d98415
- SHA256
  
  b33e6cef29dcf3e278c2a368fa4fd6504e053c956bd4fa19de7551b0495dd662
- SHA512
  
  34801f3f556ae4aa9f3629c4fc355fed1cb6064e19e5881abe41dcdbad23f8f3ad26661d46296e2b40bbe27f54e229c08b81cbd64340ba9b7230d3e20fc1cc01
- SSDEEP
  
  768:ePFR/xxMnX1CZgv1w1E1S87jh/1tB67VpWCzZZmVtfloCrz++VyTihwKY:eDnMnX1CZgv1w1E1S87jXtApWUOtfSCq
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2