9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a | Triage

Sharing

General

Target

9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a
Size

62KB
Sample

221203-akjayaca3w
MD5

0a797adc3f086673bfceb8254c3912d4
SHA1

0d3a2367d5625f30ac6deca128c339b6b5903776
SHA256

9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a
SHA512

7378ff873274e4bc1ad5032ecc30f9743e0266bac95c956b938195bc8d67ee8afe628f4f8d7874bb397e885933ade81b00846e899bf272d31ba3334ee185d8ea
SSDEEP

1536:bpg6nW9+kdTx87Iwterf9KZezMv5oITjhyb5lZT:bpg6W5kRMf9BY5ooS

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a
- Size
  
  62KB
- MD5
  
  0a797adc3f086673bfceb8254c3912d4
- SHA1
  
  0d3a2367d5625f30ac6deca128c339b6b5903776
- SHA256
  
  9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a
- SHA512
  
  7378ff873274e4bc1ad5032ecc30f9743e0266bac95c956b938195bc8d67ee8afe628f4f8d7874bb397e885933ade81b00846e899bf272d31ba3334ee185d8ea
- SSDEEP
  
  1536:bpg6nW9+kdTx87Iwterf9KZezMv5oITjhyb5lZT:bpg6W5kRMf9BY5ooS
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2