Overview

overview

10

Static

static

9c1e2354c6...41.exe

windows7-x64

10

9c1e2354c6...41.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c1e2354c62573e1abfde9ecaf9aaf3199d343e80daa160e92ab1e6c25ad7041

  • Size

    1.0MB

  • Sample

    221124-l51w9saf2x

  • MD5

    b3808373acbf5cd33017d74a9d98fc97

  • SHA1

    13ebf7d5b278d2cc5086418396be481cb63c0b5f

  • SHA256

    9c1e2354c62573e1abfde9ecaf9aaf3199d343e80daa160e92ab1e6c25ad7041

  • SHA512

    94ee11f96e18bac9a2a3014d78e95eff4373781a2eae173a0fdb4f652a50022960faf5c09bd81bb8cd5c0b4ed354f580ab8120e744796991abf9ba729cd1dc37

  • SSDEEP

    24576:fxtX01nIv47zxUkDmmfdECJCIkFniRksy5j69c:JtXqnRzyoJfdTJG8kl

Score
10/10
persistence

Malware Config

Targets

    • Target

      9c1e2354c62573e1abfde9ecaf9aaf3199d343e80daa160e92ab1e6c25ad7041

    • Size

      1.0MB

    • MD5

      b3808373acbf5cd33017d74a9d98fc97

    • SHA1

      13ebf7d5b278d2cc5086418396be481cb63c0b5f

    • SHA256

      9c1e2354c62573e1abfde9ecaf9aaf3199d343e80daa160e92ab1e6c25ad7041

    • SHA512

      94ee11f96e18bac9a2a3014d78e95eff4373781a2eae173a0fdb4f652a50022960faf5c09bd81bb8cd5c0b4ed354f580ab8120e744796991abf9ba729cd1dc37

    • SSDEEP

      24576:fxtX01nIv47zxUkDmmfdECJCIkFniRksy5j69c:JtXqnRzyoJfdTJG8kl

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks