23ed589b5e30005891dc957cad1efb9df5587512d820b0ed6d9c9cf958a39987 | Triage

Sharing

General

Target

23ed589b5e30005891dc957cad1efb9df5587512d820b0ed6d9c9cf958a39987
Size

746KB
Sample

221121-n3a9yach4t
MD5

1a1edddace03ddef321c864e150785d1
SHA1

fc36161ff998afd44fd15f82c94a48a60ff6a801
SHA256

23ed589b5e30005891dc957cad1efb9df5587512d820b0ed6d9c9cf958a39987
SHA512

2840795eb0961c89db8c87d316cb43a2f94467452868bbfd9ccf06e9d18cf3e6f42eb59eafbbcaaff7962131b66e5e3d74e7df7ac336210e7dd41b1f0956d516
SSDEEP

6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSj9ltfgIg+oaAhIXbO9qsWSM:rjS3Yvyn/0TkLFYsqTM

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  23ed589b5e30005891dc957cad1efb9df5587512d820b0ed6d9c9cf958a39987
- Size
  
  746KB
- MD5
  
  1a1edddace03ddef321c864e150785d1
- SHA1
  
  fc36161ff998afd44fd15f82c94a48a60ff6a801
- SHA256
  
  23ed589b5e30005891dc957cad1efb9df5587512d820b0ed6d9c9cf958a39987
- SHA512
  
  2840795eb0961c89db8c87d316cb43a2f94467452868bbfd9ccf06e9d18cf3e6f42eb59eafbbcaaff7962131b66e5e3d74e7df7ac336210e7dd41b1f0956d516
- SSDEEP
  
  6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSj9ltfgIg+oaAhIXbO9qsWSM:rjS3Yvyn/0TkLFYsqTM
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2