bc4d24327853c04a292dd3ae6048b2c6f0375bf512aacb90bca89fd4f4a83951 | Triage

Sharing

General

Target

bc4d24327853c04a292dd3ae6048b2c6f0375bf512aacb90bca89fd4f4a83951
Size

37KB
Sample

221205-jaz1dach2z
MD5

7c654fb841604d5475b9d279a354c837
SHA1

7a662e6de52dedd94c5255886b6b09b09a598918
SHA256

bc4d24327853c04a292dd3ae6048b2c6f0375bf512aacb90bca89fd4f4a83951
SHA512

be017a65150a163e12dff7b81565f407f1a3083dec8bac3e3031fdd22e7526bebf5643361f8a351a474f46411063da390d2aea426ba7bf043cdcc341339e826f
SSDEEP

768:GKUzwiPKhDAqnRFWyRo+nW7jCrAHHWE8EnuwStdgO6n:GKHfPDWYo+nJsnLlnuzG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bc4d24327853c04a292dd3ae6048b2c6f0375bf512aacb90bca89fd4f4a83951
- Size
  
  37KB
- MD5
  
  7c654fb841604d5475b9d279a354c837
- SHA1
  
  7a662e6de52dedd94c5255886b6b09b09a598918
- SHA256
  
  bc4d24327853c04a292dd3ae6048b2c6f0375bf512aacb90bca89fd4f4a83951
- SHA512
  
  be017a65150a163e12dff7b81565f407f1a3083dec8bac3e3031fdd22e7526bebf5643361f8a351a474f46411063da390d2aea426ba7bf043cdcc341339e826f
- SSDEEP
  
  768:GKUzwiPKhDAqnRFWyRo+nW7jCrAHHWE8EnuwStdgO6n:GKHfPDWYo+nJsnLlnuzG
Score

10^/10

persistence evasion
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence