9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33 | Triage

Sharing

General

Target

9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33
Size

45KB
Sample

221205-m443zacg99
MD5

6301a7424edddfe42912f1a6ff6c9211
SHA1

0259d08690cb41cee0858798809ac14c40040153
SHA256

9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33
SHA512

37c578ff5d25b6f99290b092168917ebdcf2a6c817aa114c47ae06e52b61331d95a59dbf2147820d6caa20db2a3ef0fc1d6a2778fadc3e8e2d8a920d3630c2c3
SSDEEP

768:NGW3QtraAwusc9PvkkfvsOtzhzeAvFwuqjOQ+tykl26bXQM3iJcnPZ:NTsWAVsc935fdzhzXvLSN+t95RPZ

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33
- Size
  
  45KB
- MD5
  
  6301a7424edddfe42912f1a6ff6c9211
- SHA1
  
  0259d08690cb41cee0858798809ac14c40040153
- SHA256
  
  9da1ea3405be51920cd8064a3bef1f4dc9b75fb4159f9f747b1d88dd975b0a33
- SHA512
  
  37c578ff5d25b6f99290b092168917ebdcf2a6c817aa114c47ae06e52b61331d95a59dbf2147820d6caa20db2a3ef0fc1d6a2778fadc3e8e2d8a920d3630c2c3
- SSDEEP
  
  768:NGW3QtraAwusc9PvkkfvsOtzhzeAvFwuqjOQ+tykl26bXQM3iJcnPZ:NTsWAVsc935fdzhzXvLSN+t95RPZ
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2