89e9bd0769f9002d0c26a63dbacc0d324c3cd322f77061ec82ae11f0f670387a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89e9bd0769f9002d0c26a63dbacc0d324c3cd322f77061ec82ae11f0f670387a
Size

984KB
Sample

221203-zr1agaeb77
MD5

8b1597746c989d0dd27045021363557c
SHA1

a31fda47bc6ee7a79e29456a31593d518bb9752a
SHA256

89e9bd0769f9002d0c26a63dbacc0d324c3cd322f77061ec82ae11f0f670387a
SHA512

12a109c3c008bafbc9820a5522dec09fbf24d391ffff0333d6cd8814a0f3625a4097d6cdd59eb728516e7ef79fb0a0b8c64a6d65ceac3e780b7f43f2f8a0db2f
SSDEEP

12288:ZSjzwRzH1RighUFZzHtC9FDY8c8H+Lm/yjxeiSOHTApwn2fTrNsef1JOXRqhqii:MeVRrhMxY9FDY8cLa/OerzTrNtSc

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  89e9bd0769f9002d0c26a63dbacc0d324c3cd322f77061ec82ae11f0f670387a
- Size
  
  984KB
- MD5
  
  8b1597746c989d0dd27045021363557c
- SHA1
  
  a31fda47bc6ee7a79e29456a31593d518bb9752a
- SHA256
  
  89e9bd0769f9002d0c26a63dbacc0d324c3cd322f77061ec82ae11f0f670387a
- SHA512
  
  12a109c3c008bafbc9820a5522dec09fbf24d391ffff0333d6cd8814a0f3625a4097d6cdd59eb728516e7ef79fb0a0b8c64a6d65ceac3e780b7f43f2f8a0db2f
- SSDEEP
  
  12288:ZSjzwRzH1RighUFZzHtC9FDY8c8H+Lm/yjxeiSOHTApwn2fTrNsef1JOXRqhqii:MeVRrhMxY9FDY8cLa/OerzTrNtSc
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2