a3f219bdee0ffd8303b4e4649665ff82f5f17216a74f8612fcbc7cb8012fe854 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3f219bdee0ffd8303b4e4649665ff82f5f17216a74f8612fcbc7cb8012fe854
Size

61KB
Sample

221203-aj85zagg93
MD5

9089f690a0673a517fb2577a29de8fff
SHA1

12a3534dda3d87bf5bf9e25ef1c809c126af25d8
SHA256

a3f219bdee0ffd8303b4e4649665ff82f5f17216a74f8612fcbc7cb8012fe854
SHA512

890d458369e319d2d09f7941efb274cc80fbb28dee6427fd8cbaa7873728e1c91ab2e0d90273417e0c619a695ed763e87868927068ed4864dff16ad8e8e252f3
SSDEEP

1536:HtMwMb+0I/oHO+y/XYKzavqXUc6S71hVqeypj8oFva:HYbdI/oHHy/XRzaSH68nVqew8oo

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  a3f219bdee0ffd8303b4e4649665ff82f5f17216a74f8612fcbc7cb8012fe854
- Size
  
  61KB
- MD5
  
  9089f690a0673a517fb2577a29de8fff
- SHA1
  
  12a3534dda3d87bf5bf9e25ef1c809c126af25d8
- SHA256
  
  a3f219bdee0ffd8303b4e4649665ff82f5f17216a74f8612fcbc7cb8012fe854
- SHA512
  
  890d458369e319d2d09f7941efb274cc80fbb28dee6427fd8cbaa7873728e1c91ab2e0d90273417e0c619a695ed763e87868927068ed4864dff16ad8e8e252f3
- SSDEEP
  
  1536:HtMwMb+0I/oHO+y/XYKzavqXUc6S71hVqeypj8oFva:HYbdI/oHHy/XRzaSH68nVqew8oo
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2