4a1125f52eb460597d912fb581a078013e97c6d9515bcbf2f63a85603662b6c9 | Triage

Sharing

General

Target

4a1125f52eb460597d912fb581a078013e97c6d9515bcbf2f63a85603662b6c9
Size

101KB
Sample

221124-q82eesha59
MD5

d48e3c2058035bc083d90bb7685fe09f
SHA1

bd14f31338cacf23586c65d7ce35fe3fe7f5968a
SHA256

4a1125f52eb460597d912fb581a078013e97c6d9515bcbf2f63a85603662b6c9
SHA512

185fe4121a0c78bc21e3fe57f03b3bfd11d47ab4a86475015633668294bb4eb4a8beb9c89839e2b75433d4f327bcfe94596e89989fee442064a6d3bad783aef8
SSDEEP

1536:9QxqcQu0XPmEmEcYUpEjCTfaAIW1EvqTlrxtPpFAXF9N/6Sy:y/03mEcppEjCTfaAIWSqTlrbPLEz4

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  4a1125f52eb460597d912fb581a078013e97c6d9515bcbf2f63a85603662b6c9
- Size
  
  101KB
- MD5
  
  d48e3c2058035bc083d90bb7685fe09f
- SHA1
  
  bd14f31338cacf23586c65d7ce35fe3fe7f5968a
- SHA256
  
  4a1125f52eb460597d912fb581a078013e97c6d9515bcbf2f63a85603662b6c9
- SHA512
  
  185fe4121a0c78bc21e3fe57f03b3bfd11d47ab4a86475015633668294bb4eb4a8beb9c89839e2b75433d4f327bcfe94596e89989fee442064a6d3bad783aef8
- SSDEEP
  
  1536:9QxqcQu0XPmEmEcYUpEjCTfaAIW1EvqTlrxtPpFAXF9N/6Sy:y/03mEcppEjCTfaAIWSqTlrbPLEz4
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2