72bd7873fad20711f10e678125907c86bfd4ba49cadd7c97c864851ac1377a99 | Triage

Sharing

General

Target

72bd7873fad20711f10e678125907c86bfd4ba49cadd7c97c864851ac1377a99
Size

514KB
Sample

221127-jtrs4seg7t
MD5

a91cf8b6c1edb061473e85b4bdd10040
SHA1

ae2f293ca5ce948f7f014bcb58fd848d8d87ded9
SHA256

72bd7873fad20711f10e678125907c86bfd4ba49cadd7c97c864851ac1377a99
SHA512

132c76b5e0b8bb4b09627a1947a4ef62ff96fe5ed06567502b7dd219355ad9d33f5659716f1512ab6269a8d785ab0a73ca56f0cb46c7d749fb933d070c598c5e
SSDEEP

12288:Wt+XGgLuX/RrTWJ+FtK9D+QUBYuQK6yNZAnk2HcK1xRQp2Ja+HWf:vGg2/RrTxTKg1BY0JNSnkNuAEjHu

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  72bd7873fad20711f10e678125907c86bfd4ba49cadd7c97c864851ac1377a99
- Size
  
  514KB
- MD5
  
  a91cf8b6c1edb061473e85b4bdd10040
- SHA1
  
  ae2f293ca5ce948f7f014bcb58fd848d8d87ded9
- SHA256
  
  72bd7873fad20711f10e678125907c86bfd4ba49cadd7c97c864851ac1377a99
- SHA512
  
  132c76b5e0b8bb4b09627a1947a4ef62ff96fe5ed06567502b7dd219355ad9d33f5659716f1512ab6269a8d785ab0a73ca56f0cb46c7d749fb933d070c598c5e
- SSDEEP
  
  12288:Wt+XGgLuX/RrTWJ+FtK9D+QUBYuQK6yNZAnk2HcK1xRQp2Ja+HWf:vGg2/RrTxTKg1BY0JNSnkNuAEjHu
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2