d75cc8cb4943332395c7655494f99309422d2851d9280eed58e372470d32590b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d75cc8cb4943332395c7655494f99309422d2851d9280eed58e372470d32590b
Size

1.2MB
Sample

221206-myfs7aea8t
MD5

166fdd9bc2bd4ee95950c1fc6ce73b8b
SHA1

afce906f1e0d09d53f6c0f0f1748367dafb27b6b
SHA256

d75cc8cb4943332395c7655494f99309422d2851d9280eed58e372470d32590b
SHA512

ea6f2452a725c8ebb171b27cd6488dfa34ade364f0b7a594160dd751325be068fd03ad50f2f07c7fb1922e225f2a47a1bf5ae4f09bf7059018263d23b2c51de4
SSDEEP

12288:1d4XajaY+8GXgJzcXwXMpBq3JPD0YslFtLjJvS9WspRSGIJKQXaomNgHsjqrqJHO:13R5IJKQXaomNgH2qrqJHyLz2OQ2ABP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d75cc8cb4943332395c7655494f99309422d2851d9280eed58e372470d32590b
- Size
  
  1.2MB
- MD5
  
  166fdd9bc2bd4ee95950c1fc6ce73b8b
- SHA1
  
  afce906f1e0d09d53f6c0f0f1748367dafb27b6b
- SHA256
  
  d75cc8cb4943332395c7655494f99309422d2851d9280eed58e372470d32590b
- SHA512
  
  ea6f2452a725c8ebb171b27cd6488dfa34ade364f0b7a594160dd751325be068fd03ad50f2f07c7fb1922e225f2a47a1bf5ae4f09bf7059018263d23b2c51de4
- SSDEEP
  
  12288:1d4XajaY+8GXgJzcXwXMpBq3JPD0YslFtLjJvS9WspRSGIJKQXaomNgHsjqrqJHO:13R5IJKQXaomNgH2qrqJHyLz2OQ2ABP
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence