e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c | Triage

Sharing

General

Target

e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c
Size

796KB
Sample

221124-e2xbcacc4t
MD5

09f787f7bfa486df17725c9c4eb251ce
SHA1

b1b5778c732f8d319f2096abeba7175020ad9123
SHA256

e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c
SHA512

1f9d432e0dcf8f02b15909ce5fc9197647e5abcf2537680e3d5794d740b98c8793aa386c5e305e11b2e550a69158a1ece312fd178d72eec766c1df56b4cd383c
SSDEEP

6144:9eb/LfqouTcCFLgAg3PxNKXYgBdnaNT2b3cpMN/XFjAn5N0GdJbU54ql0q/37//3:MAcCaZL0YCgsyMN/XFEnzZU4q0c3

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c
- Size
  
  796KB
- MD5
  
  09f787f7bfa486df17725c9c4eb251ce
- SHA1
  
  b1b5778c732f8d319f2096abeba7175020ad9123
- SHA256
  
  e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c
- SHA512
  
  1f9d432e0dcf8f02b15909ce5fc9197647e5abcf2537680e3d5794d740b98c8793aa386c5e305e11b2e550a69158a1ece312fd178d72eec766c1df56b4cd383c
- SSDEEP
  
  6144:9eb/LfqouTcCFLgAg3PxNKXYgBdnaNT2b3cpMN/XFjAn5N0GdJbU54ql0q/37//3:MAcCaZL0YCgsyMN/XFEnzZU4q0c3
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2