fd798eaac5e7d41abb2a6ab33939793d0df3e76e247139f190b2e40009eac374 | Triage

Sharing

General

Target

fd798eaac5e7d41abb2a6ab33939793d0df3e76e247139f190b2e40009eac374
Size

14.4MB
Sample

221123-mm9xwsee54
MD5

1e689754e627e3b7cf3f7e40eec7d75c
SHA1

c54b121f0b85e91003d78607bf1fa6718c256029
SHA256

fd798eaac5e7d41abb2a6ab33939793d0df3e76e247139f190b2e40009eac374
SHA512

515444eec9c8d7ed0e9d0dff4c930fc5e60678fc3a32546213593bdbd69b621e31863d45bd0d30afc1d8b70f7832c0d2e95fa7d208a4e53cb4e7aaef3767c4c2
SSDEEP

393216:QJmhtTMVQl4CpDTzx7pKNy/wmFAHlcnZzRok/c74vCCcRVLBCy:QJst6OhpDFAGn7/RCCWVBCy

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  fd798eaac5e7d41abb2a6ab33939793d0df3e76e247139f190b2e40009eac374
- Size
  
  14.4MB
- MD5
  
  1e689754e627e3b7cf3f7e40eec7d75c
- SHA1
  
  c54b121f0b85e91003d78607bf1fa6718c256029
- SHA256
  
  fd798eaac5e7d41abb2a6ab33939793d0df3e76e247139f190b2e40009eac374
- SHA512
  
  515444eec9c8d7ed0e9d0dff4c930fc5e60678fc3a32546213593bdbd69b621e31863d45bd0d30afc1d8b70f7832c0d2e95fa7d208a4e53cb4e7aaef3767c4c2
- SSDEEP
  
  393216:QJmhtTMVQl4CpDTzx7pKNy/wmFAHlcnZzRok/c74vCCcRVLBCy:QJst6OhpDFAGn7/RCCWVBCy
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2