b98e0eee223793ca9e7a64ea31f2244e5b0701520b35df4a36f64342f8d53da0 | Triage

Sharing

General

Target

b98e0eee223793ca9e7a64ea31f2244e5b0701520b35df4a36f64342f8d53da0
Size

284KB
Sample

221126-2243hsbh32
MD5

e31f18ab7098094ebe231b8610cc33fa
SHA1

845fb57ef5a08c181b78ef253f8fd29a1951fe51
SHA256

b98e0eee223793ca9e7a64ea31f2244e5b0701520b35df4a36f64342f8d53da0
SHA512

7af11fbaaa919dd3edc89ef0f81ee72f064a3090bf5d0aac743ac6fc863639a51369811197e40f5a0af5051a1643ab2d4c38db6c4702e56677083c974f3063b8
SSDEEP

6144:4SrC1W7yNpCRcPMNeN+cP8L6v6z/7A012XbYkmq3X8sjcb:eGR+66v6z/Mekmqt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b98e0eee223793ca9e7a64ea31f2244e5b0701520b35df4a36f64342f8d53da0
- Size
  
  284KB
- MD5
  
  e31f18ab7098094ebe231b8610cc33fa
- SHA1
  
  845fb57ef5a08c181b78ef253f8fd29a1951fe51
- SHA256
  
  b98e0eee223793ca9e7a64ea31f2244e5b0701520b35df4a36f64342f8d53da0
- SHA512
  
  7af11fbaaa919dd3edc89ef0f81ee72f064a3090bf5d0aac743ac6fc863639a51369811197e40f5a0af5051a1643ab2d4c38db6c4702e56677083c974f3063b8
- SSDEEP
  
  6144:4SrC1W7yNpCRcPMNeN+cP8L6v6z/7A012XbYkmq3X8sjcb:eGR+66v6z/Mekmqt
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence