beb8330be44e907a020bb10f2f9678b50653918a62a2ca434699c28f8c7fecdf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

beb8330be44e907a020bb10f2f9678b50653918a62a2ca434699c28f8c7fecdf
Size

38KB
Sample

221204-h1l1rsbg71
MD5

ca1bbab67de165a768fdb1cc8e95f053
SHA1

cbf9bf3a5606b460b9143966eef2a3760c1168c6
SHA256

beb8330be44e907a020bb10f2f9678b50653918a62a2ca434699c28f8c7fecdf
SHA512

83089d4c474c65db7aff4cf62ba5c03c47e55928d8b69c7f348bbecf473e129d5cfb8a4bf2f73c378a7e647e117cf8a973d0c3eb4dd85fc3bab728c78d41b2e7
SSDEEP

768:VK7VQWXRUVnUtxhtFyGDyMoMlfzn3cLpdPs98:VKBQOF1yGpz6dF

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  beb8330be44e907a020bb10f2f9678b50653918a62a2ca434699c28f8c7fecdf
- Size
  
  38KB
- MD5
  
  ca1bbab67de165a768fdb1cc8e95f053
- SHA1
  
  cbf9bf3a5606b460b9143966eef2a3760c1168c6
- SHA256
  
  beb8330be44e907a020bb10f2f9678b50653918a62a2ca434699c28f8c7fecdf
- SHA512
  
  83089d4c474c65db7aff4cf62ba5c03c47e55928d8b69c7f348bbecf473e129d5cfb8a4bf2f73c378a7e647e117cf8a973d0c3eb4dd85fc3bab728c78d41b2e7
- SSDEEP
  
  768:VK7VQWXRUVnUtxhtFyGDyMoMlfzn3cLpdPs98:VKBQOF1yGpz6dF
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2