f7ffd38677da5bb43132dca5b818ee0732522ca86fdfbc76525e1bb75375edb7 | Triage

Sharing

General

Target

f7ffd38677da5bb43132dca5b818ee0732522ca86fdfbc76525e1bb75375edb7
Size

48KB
Sample

221124-jz1m7sdd7v
MD5

650dfd058e6e9e8d824f303a8c302ab7
SHA1

296069991585af3083b3b9f14374ed4196079932
SHA256

f7ffd38677da5bb43132dca5b818ee0732522ca86fdfbc76525e1bb75375edb7
SHA512

57b832e58fe9a5d8503295051a75bc315730905fff8a9ab8118b95aa7694b6650f48ddc89977680e49dad79d35c6840670a86292bc09e25cffd87fbaf1203282
SSDEEP

768:+vSVkaHW2vCmE9YsynDBWhyme8wdf/mv8psLf7056cbT:u2vXEKWhymVqf/mv8psLj056cH

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f7ffd38677da5bb43132dca5b818ee0732522ca86fdfbc76525e1bb75375edb7
- Size
  
  48KB
- MD5
  
  650dfd058e6e9e8d824f303a8c302ab7
- SHA1
  
  296069991585af3083b3b9f14374ed4196079932
- SHA256
  
  f7ffd38677da5bb43132dca5b818ee0732522ca86fdfbc76525e1bb75375edb7
- SHA512
  
  57b832e58fe9a5d8503295051a75bc315730905fff8a9ab8118b95aa7694b6650f48ddc89977680e49dad79d35c6840670a86292bc09e25cffd87fbaf1203282
- SSDEEP
  
  768:+vSVkaHW2vCmE9YsynDBWhyme8wdf/mv8psLf7056cbT:u2vXEKWhymVqf/mv8psLj056cH
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2