General
-
Target
6c9e2c8ccb2b9be3af6acff61672d6b23d960760271d196b2ab523d4b9fb45bf
-
Size
255KB
-
Sample
221123-zwnggaha4y
-
MD5
ce0ed782372f927078e9b0e797c1de0a
-
SHA1
c5b8b40c1faa59a9ee5ed99cb4eb7c2857acfadb
-
SHA256
6c9e2c8ccb2b9be3af6acff61672d6b23d960760271d196b2ab523d4b9fb45bf
-
SHA512
9e3edb00d8332ef97519fcf397eedb679075a7f6b6229211969c08951f9cbc2273e250f0940b29feed323b80bf08c922e7866e5f54d4ec5488b8068cbfc44434
-
SSDEEP
3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJ3:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIm
Behavioral task
behavioral1
Sample
6c9e2c8ccb2b9be3af6acff61672d6b23d960760271d196b2ab523d4b9fb45bf.exe
Resource
win7-20220812-en
Malware Config
Targets
-
Target
6c9e2c8ccb2b9be3af6acff61672d6b23d960760271d196b2ab523d4b9fb45bf
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
-
Hidden Files and Directories (2)
-
Registry Run Keys / Startup Folder (2)
-
Winlogon Helper DLL (1)
Defense Evasion
-
Hidden Files and Directories (2)
-
Modify Registry (8)
-
Disabling Security Tools (2)