cdfcf9696cae26f5f325407b13f59bfe01455b8b1ff70f133173a7eff4bc2531 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdfcf9696cae26f5f325407b13f59bfe01455b8b1ff70f133173a7eff4bc2531
Size

835KB
Sample

221121-n2pqyahb83
MD5

1c7550b8560b940b8fb74b457a106e16
SHA1

9958c9d8afdeab94f135e371eb29a732e8a0e0fd
SHA256

cdfcf9696cae26f5f325407b13f59bfe01455b8b1ff70f133173a7eff4bc2531
SHA512

e2c79a0c451e08262e9f3765c0201ab32daa4e495fee52d1759327c0ba913be8802df51902091a219e2ad37448a4bbff542f07f70b6778c2f8e4767a15404f0d
SSDEEP

6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSjyEN2ERBOzllz5jtGvA4q1jtGvA4q/bFVGS:rjS3Yvyn/0Tvlzq44qW44q1x

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  cdfcf9696cae26f5f325407b13f59bfe01455b8b1ff70f133173a7eff4bc2531
- Size
  
  835KB
- MD5
  
  1c7550b8560b940b8fb74b457a106e16
- SHA1
  
  9958c9d8afdeab94f135e371eb29a732e8a0e0fd
- SHA256
  
  cdfcf9696cae26f5f325407b13f59bfe01455b8b1ff70f133173a7eff4bc2531
- SHA512
  
  e2c79a0c451e08262e9f3765c0201ab32daa4e495fee52d1759327c0ba913be8802df51902091a219e2ad37448a4bbff542f07f70b6778c2f8e4767a15404f0d
- SSDEEP
  
  6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSjyEN2ERBOzllz5jtGvA4q1jtGvA4q/bFVGS:rjS3Yvyn/0Tvlzq44qW44q1x
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2