dc03811202946b63ebb783b03f8ab68ea472c8b6f823864f41c042bb05834dca | Triage

Sharing

General

Target

dc03811202946b63ebb783b03f8ab68ea472c8b6f823864f41c042bb05834dca
Size

139KB
Sample

221030-jctw5shdg3
MD5

a2a489c65a63aab6f844ed5d9ea450f2
SHA1

342180bd8289d5d6533dca49e12955d5bb4bb6ae
SHA256

dc03811202946b63ebb783b03f8ab68ea472c8b6f823864f41c042bb05834dca
SHA512

7beb2b469718c9e97d6edd6ac859a81b7ab853aba1a66107c771bbeecde0de0300876b201f453c3f42af52e38e88596147ec741b249950951d65729d1bcce9bd
SSDEEP

1536:xQpfzXlKMz5Au4aMhfj7bal423VWVxIK6K4kmFTSUorKLZ34:2RzXyu4aKj7bau23VSxIK6K/mFS/k

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  dc03811202946b63ebb783b03f8ab68ea472c8b6f823864f41c042bb05834dca
- Size
  
  139KB
- MD5
  
  a2a489c65a63aab6f844ed5d9ea450f2
- SHA1
  
  342180bd8289d5d6533dca49e12955d5bb4bb6ae
- SHA256
  
  dc03811202946b63ebb783b03f8ab68ea472c8b6f823864f41c042bb05834dca
- SHA512
  
  7beb2b469718c9e97d6edd6ac859a81b7ab853aba1a66107c771bbeecde0de0300876b201f453c3f42af52e38e88596147ec741b249950951d65729d1bcce9bd
- SSDEEP
  
  1536:xQpfzXlKMz5Au4aMhfj7bal423VWVxIK6K4kmFTSUorKLZ34:2RzXyu4aKj7bau23VSxIK6K/mFS/k
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2