a54c022e62aced366f663197e780b77c4631de73fd4bc7048e1865ee2d9bc115 | Triage

Sharing

General

Target

a54c022e62aced366f663197e780b77c4631de73fd4bc7048e1865ee2d9bc115
Size

914KB
Sample

221123-xstg7sah6t
MD5

4af4b5b7967956e9eb9a0a7757453850
SHA1

131e87b04c108ab84b17ff92a0a12945059c7ec8
SHA256

a54c022e62aced366f663197e780b77c4631de73fd4bc7048e1865ee2d9bc115
SHA512

1a8015e0466aee6fb500eb5c5f632b4def4aa7590616d480a03242578ace6e273323d558b2e2ad50143709feaa7c734ed1b06539cd1854a8ede0216bad78e655
SSDEEP

6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSj9ltfgIg+oaU64RZYIW7lEykhC6H8GY55hf:rjS3Yvyn/0TkLFU64cIW5EykhXG5Tsql

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  a54c022e62aced366f663197e780b77c4631de73fd4bc7048e1865ee2d9bc115
- Size
  
  914KB
- MD5
  
  4af4b5b7967956e9eb9a0a7757453850
- SHA1
  
  131e87b04c108ab84b17ff92a0a12945059c7ec8
- SHA256
  
  a54c022e62aced366f663197e780b77c4631de73fd4bc7048e1865ee2d9bc115
- SHA512
  
  1a8015e0466aee6fb500eb5c5f632b4def4aa7590616d480a03242578ace6e273323d558b2e2ad50143709feaa7c734ed1b06539cd1854a8ede0216bad78e655
- SSDEEP
  
  6144:a+nglw9ayQv3ahvyn/PU7O0KXgTTSj9ltfgIg+oaU64RZYIW7lEykhC6H8GY55hf:rjS3Yvyn/0TkLFU64cIW5EykhXG5Tsql
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2