25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a | Triage

Sharing

General

Target

25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
Size

116KB
Sample

221123-m9me4sgb77
MD5

7fdf1177ae26859ce367d4cd76a712d1
SHA1

3410dbe2e502ccd791b05bb919bc2814d1275bca
SHA256

25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
SHA512

a4ea6c2dcc05e72ec62b4c8c98b9560e1608e447cb36cb7e6a15cf7a36044bae3cbaea6f7daac56ee8f757e1e08c98ccc8f5fb9fb7d6431f38d2c3c7c361a88c
SSDEEP

3072:gtuA/sk2uoYzVzSeQ7fFcO73V+cQhkv3NhF:gtTogSztD738cQhQ9hF

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
- Size
  
  116KB
- MD5
  
  7fdf1177ae26859ce367d4cd76a712d1
- SHA1
  
  3410dbe2e502ccd791b05bb919bc2814d1275bca
- SHA256
  
  25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
- SHA512
  
  a4ea6c2dcc05e72ec62b4c8c98b9560e1608e447cb36cb7e6a15cf7a36044bae3cbaea6f7daac56ee8f757e1e08c98ccc8f5fb9fb7d6431f38d2c3c7c361a88c
- SSDEEP
  
  3072:gtuA/sk2uoYzVzSeQ7fFcO73V+cQhkv3NhF:gtTogSztD738cQhQ9hF
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2