fa5c0b89c3ec95998639b36c0bb76b6b63e4e569ec3578b0f3346b56669e142d | Triage

Sharing

General

Target

fa5c0b89c3ec95998639b36c0bb76b6b63e4e569ec3578b0f3346b56669e142d
Size

408KB
Sample

221124-e4bgnacd5v
MD5

2b9537dfd9ff85a3e45dc18b54168904
SHA1

dab91a1e37814f3ff0b2205dbfad15d29b4b47f1
SHA256

fa5c0b89c3ec95998639b36c0bb76b6b63e4e569ec3578b0f3346b56669e142d
SHA512

4b6c110cd2702df66043889110788791b1e00825c18a897c9e309d2c2a5f7f530ead725c67723e282728191f5bd6471313c1beaa331696e7b68c53d1c9962278
SSDEEP

12288:5ujulmkUp73f8j1LUAm3WelbWHx1wakcEvT:gF81gV2Eb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fa5c0b89c3ec95998639b36c0bb76b6b63e4e569ec3578b0f3346b56669e142d
- Size
  
  408KB
- MD5
  
  2b9537dfd9ff85a3e45dc18b54168904
- SHA1
  
  dab91a1e37814f3ff0b2205dbfad15d29b4b47f1
- SHA256
  
  fa5c0b89c3ec95998639b36c0bb76b6b63e4e569ec3578b0f3346b56669e142d
- SHA512
  
  4b6c110cd2702df66043889110788791b1e00825c18a897c9e309d2c2a5f7f530ead725c67723e282728191f5bd6471313c1beaa331696e7b68c53d1c9962278
- SSDEEP
  
  12288:5ujulmkUp73f8j1LUAm3WelbWHx1wakcEvT:gF81gV2Eb
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence