1ead08a142ce14889263f103325d442f7d76c1c282419c4b76876ab856aafef2 | Triage

Sharing

General

Target

1ead08a142ce14889263f103325d442f7d76c1c282419c4b76876ab856aafef2
Size

101KB
Sample

221203-jtnrfsbb3t
MD5

08667d50614283b754849916f2e004c0
SHA1

4cc1cafa4e152d6ba18bcac134be655b718953b4
SHA256

1ead08a142ce14889263f103325d442f7d76c1c282419c4b76876ab856aafef2
SHA512

26af18becae39adc387235fe0d1a85a5b157886298724da7010f3a307198a135c48d986f52399fc5f6c1b210d22c2347818bc1642803875d336ecceee12aee67
SSDEEP

1536:9QxqcQu0XPmEmEcYUpEjCTfaAIW1EvqTlrxtPpFAXF9N/6Sy:y/03mEcppEjCTfaAIWSqTlrbPLEz4

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  1ead08a142ce14889263f103325d442f7d76c1c282419c4b76876ab856aafef2
- Size
  
  101KB
- MD5
  
  08667d50614283b754849916f2e004c0
- SHA1
  
  4cc1cafa4e152d6ba18bcac134be655b718953b4
- SHA256
  
  1ead08a142ce14889263f103325d442f7d76c1c282419c4b76876ab856aafef2
- SHA512
  
  26af18becae39adc387235fe0d1a85a5b157886298724da7010f3a307198a135c48d986f52399fc5f6c1b210d22c2347818bc1642803875d336ecceee12aee67
- SSDEEP
  
  1536:9QxqcQu0XPmEmEcYUpEjCTfaAIW1EvqTlrxtPpFAXF9N/6Sy:y/03mEcppEjCTfaAIWSqTlrbPLEz4
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2