6ab9a75258fe3bce94363d47471bf4db9c7f715db6d608b6b2e8e82c9aff533b | Triage

Sharing

General

Target

6ab9a75258fe3bce94363d47471bf4db9c7f715db6d608b6b2e8e82c9aff533b
Size

504KB
Sample

221125-jkxb8sfc2t
MD5

a629ef65a39697b4d77b3e89aae20cce
SHA1

394dfc368a06e70875cd63bfb19f0bbb305b53cd
SHA256

6ab9a75258fe3bce94363d47471bf4db9c7f715db6d608b6b2e8e82c9aff533b
SHA512

b9cfe8d70f194e09ecba37831dec1cd733df3526b5e640b16e55a7861c2fe999c52ac67943f0fa0d2a515b773ac7f75b30247f28f925323522a912c7e88cd9f6
SSDEEP

6144:PJsvEkBYXUXUGSrXhVfX3WKo8fql+Qle7b95SsL4s6+MeSkT:PUBrXUxbhVv3lY+Lb5L4sme

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  6ab9a75258fe3bce94363d47471bf4db9c7f715db6d608b6b2e8e82c9aff533b
- Size
  
  504KB
- MD5
  
  a629ef65a39697b4d77b3e89aae20cce
- SHA1
  
  394dfc368a06e70875cd63bfb19f0bbb305b53cd
- SHA256
  
  6ab9a75258fe3bce94363d47471bf4db9c7f715db6d608b6b2e8e82c9aff533b
- SHA512
  
  b9cfe8d70f194e09ecba37831dec1cd733df3526b5e640b16e55a7861c2fe999c52ac67943f0fa0d2a515b773ac7f75b30247f28f925323522a912c7e88cd9f6
- SSDEEP
  
  6144:PJsvEkBYXUXUGSrXhVfX3WKo8fql+Qle7b95SsL4s6+MeSkT:PUBrXUxbhVv3lY+Lb5L4sme
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2