5267842040561d6290b5684cb2a37aaf31d6ed73f95cfa0358f2687aa423b603 | Triage

Sharing

General

Target

5267842040561d6290b5684cb2a37aaf31d6ed73f95cfa0358f2687aa423b603
Size

694KB
Sample

221123-rm7jzsha67
MD5

7fd7dea9fe95aa0d5d0bb95e6e08f92e
SHA1

32087a4b783d27e99bbe33bde71907b8b8c10f16
SHA256

5267842040561d6290b5684cb2a37aaf31d6ed73f95cfa0358f2687aa423b603
SHA512

bd111fc569c2127c2cb3ce1b7dcf19c3c2368c127d8bd3401f8277d339cb1f0bc8fff5e4035fed47a2e705afab1a6800bb8dfcb376ee3fba3e26b69b03d57e13
SSDEEP

12288:cvO31z4IeZBN7W1mxpgTaDdxxjk/LSCxpKgqQknuzPjyAi:cvu4IevN7W1mwadjeSC/KCkePjyA

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5267842040561d6290b5684cb2a37aaf31d6ed73f95cfa0358f2687aa423b603
- Size
  
  694KB
- MD5
  
  7fd7dea9fe95aa0d5d0bb95e6e08f92e
- SHA1
  
  32087a4b783d27e99bbe33bde71907b8b8c10f16
- SHA256
  
  5267842040561d6290b5684cb2a37aaf31d6ed73f95cfa0358f2687aa423b603
- SHA512
  
  bd111fc569c2127c2cb3ce1b7dcf19c3c2368c127d8bd3401f8277d339cb1f0bc8fff5e4035fed47a2e705afab1a6800bb8dfcb376ee3fba3e26b69b03d57e13
- SSDEEP
  
  12288:cvO31z4IeZBN7W1mxpgTaDdxxjk/LSCxpKgqQknuzPjyAi:cvu4IevN7W1mwadjeSC/KCkePjyA
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2