c20fb70a1ad9bfd6342fedea92fc10c719b60fbb8323ad249c4ca1e64ae2e62f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c20fb70a1ad9bfd6342fedea92fc10c719b60fbb8323ad249c4ca1e64ae2e62f
Size

187KB
Sample

221203-3t4bpagc78
MD5

86535d98ddf9b0b99673f7942acaf00d
SHA1

955a54abaa02e0b7f16e515424e9369775e706bc
SHA256

c20fb70a1ad9bfd6342fedea92fc10c719b60fbb8323ad249c4ca1e64ae2e62f
SHA512

7d562417b601c0c068ef37c071af9a705341df012bec9272bf7db23ae1923e5495088c303c160f38008588250beccfcecc4f38aa42840b2e076c8f8297766908
SSDEEP

3072://k/pujoQn+R2vSFw+G55YCFLbHGhcyGvvUd40+Y3xeSqZMJN0+RtpBulQh://k/Go3R2v1Rg6vdQegxL3ulE

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  c20fb70a1ad9bfd6342fedea92fc10c719b60fbb8323ad249c4ca1e64ae2e62f
- Size
  
  187KB
- MD5
  
  86535d98ddf9b0b99673f7942acaf00d
- SHA1
  
  955a54abaa02e0b7f16e515424e9369775e706bc
- SHA256
  
  c20fb70a1ad9bfd6342fedea92fc10c719b60fbb8323ad249c4ca1e64ae2e62f
- SHA512
  
  7d562417b601c0c068ef37c071af9a705341df012bec9272bf7db23ae1923e5495088c303c160f38008588250beccfcecc4f38aa42840b2e076c8f8297766908
- SSDEEP
  
  3072://k/pujoQn+R2vSFw+G55YCFLbHGhcyGvvUd40+Y3xeSqZMJN0+RtpBulQh://k/Go3R2v1Rg6vdQegxL3ulE
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2