af9b9586beab6e4bd73ddc22da4e7619561b3a9d452a1e9ba498784ea32e7eb9 | Triage

Sharing

General

Target

af9b9586beab6e4bd73ddc22da4e7619561b3a9d452a1e9ba498784ea32e7eb9
Size

100KB
Sample

221123-m4lxdsfg57
MD5

8ca303c4eb9cfbcd3b93f583511abfdf
SHA1

33fe4b8e965724143302b499934f1b5379b615a5
SHA256

af9b9586beab6e4bd73ddc22da4e7619561b3a9d452a1e9ba498784ea32e7eb9
SHA512

c5cb024a8e52eeb99b554f798b683fb1603ca5fe09470c671a817c544dcbc443ef6d88d588804e11a961ab25c8453a34ddaeb335892252f2ed4abf79b354c30e
SSDEEP

1536:9QxqcQu0yvmgEUs1rARbX/CJ+zsxm90BUNvE6V01Deo/k7:y/0gEUcr6bvvzsKp66oc7

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  af9b9586beab6e4bd73ddc22da4e7619561b3a9d452a1e9ba498784ea32e7eb9
- Size
  
  100KB
- MD5
  
  8ca303c4eb9cfbcd3b93f583511abfdf
- SHA1
  
  33fe4b8e965724143302b499934f1b5379b615a5
- SHA256
  
  af9b9586beab6e4bd73ddc22da4e7619561b3a9d452a1e9ba498784ea32e7eb9
- SHA512
  
  c5cb024a8e52eeb99b554f798b683fb1603ca5fe09470c671a817c544dcbc443ef6d88d588804e11a961ab25c8453a34ddaeb335892252f2ed4abf79b354c30e
- SSDEEP
  
  1536:9QxqcQu0yvmgEUs1rARbX/CJ+zsxm90BUNvE6V01Deo/k7:y/0gEUcr6bvvzsKp66oc7
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2