7effe934d670c3c9e56066b36c7fbcd13ee9bf731ca3e94d923de723dc61bf4b | Triage

Sharing

General

Target

7effe934d670c3c9e56066b36c7fbcd13ee9bf731ca3e94d923de723dc61bf4b
Size

167KB
Sample

221123-lkbrmsfa6s
MD5

5dd5aea0a4afda3128d34c18a19d55bd
SHA1

baaaa124c323157d35f97b8f1641556b8b4e7b6b
SHA256

7effe934d670c3c9e56066b36c7fbcd13ee9bf731ca3e94d923de723dc61bf4b
SHA512

e0cb6f721444c941c9781c2d73e1ba6a185b34ebc36020839a4a62c7a6b477c4603574fb9f84ff02aeb6e0faf23ceea0438750dcdc90504edc71854b03456d83
SSDEEP

3072:FzW+DiC9iLo+GnHX5GWp1icKAArDZz4N9GhbkrNEk1HoYW:QKwLo7tp0yN90QEWo

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  7effe934d670c3c9e56066b36c7fbcd13ee9bf731ca3e94d923de723dc61bf4b
- Size
  
  167KB
- MD5
  
  5dd5aea0a4afda3128d34c18a19d55bd
- SHA1
  
  baaaa124c323157d35f97b8f1641556b8b4e7b6b
- SHA256
  
  7effe934d670c3c9e56066b36c7fbcd13ee9bf731ca3e94d923de723dc61bf4b
- SHA512
  
  e0cb6f721444c941c9781c2d73e1ba6a185b34ebc36020839a4a62c7a6b477c4603574fb9f84ff02aeb6e0faf23ceea0438750dcdc90504edc71854b03456d83
- SSDEEP
  
  3072:FzW+DiC9iLo+GnHX5GWp1icKAArDZz4N9GhbkrNEk1HoYW:QKwLo7tp0yN90QEWo
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Winlogon Helper DLL

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2