50b2f38f4f5664d7536e6b6a381f4ca5ccb22434799a13f18bd156b31f6a5d89 | Triage

Sharing

General

Target

50b2f38f4f5664d7536e6b6a381f4ca5ccb22434799a13f18bd156b31f6a5d89
Size

93KB
Sample

221201-3v6hfadc26
MD5

b7e4cf6a17d9d5ef1232c63377697fc1
SHA1

fa581ba6639698404df07eb90e75128eef26ca4c
SHA256

50b2f38f4f5664d7536e6b6a381f4ca5ccb22434799a13f18bd156b31f6a5d89
SHA512

20181c732352c0a954621ec23b9b1aa6c8111ca6db4bce04874c6bac66fa5955a23a6afcd8d1c76dfcf21ef78793c9850f9862106ce7d93f358ac44ebfc634b6
SSDEEP

1536:H/gbTg7OxgzEOGYKKPisTfEJBwjmnmko/eBHqu0rV3bpjh9/32XcO+FVp+91RBeE:fGTawYBT46mnaeBKu0rJZV3FX+91B2Q5

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  50b2f38f4f5664d7536e6b6a381f4ca5ccb22434799a13f18bd156b31f6a5d89
- Size
  
  93KB
- MD5
  
  b7e4cf6a17d9d5ef1232c63377697fc1
- SHA1
  
  fa581ba6639698404df07eb90e75128eef26ca4c
- SHA256
  
  50b2f38f4f5664d7536e6b6a381f4ca5ccb22434799a13f18bd156b31f6a5d89
- SHA512
  
  20181c732352c0a954621ec23b9b1aa6c8111ca6db4bce04874c6bac66fa5955a23a6afcd8d1c76dfcf21ef78793c9850f9862106ce7d93f358ac44ebfc634b6
- SSDEEP
  
  1536:H/gbTg7OxgzEOGYKKPisTfEJBwjmnmko/eBHqu0rV3bpjh9/32XcO+FVp+91RBeE:fGTawYBT46mnaeBKu0rJZV3FX+91B2Q5
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2