f84a39d727048e2c86770cbacd7620ebaa903f4be2bb893f85d75b455fad5c5b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f84a39d727048e2c86770cbacd7620ebaa903f4be2bb893f85d75b455fad5c5b
Size

35KB
Sample

221206-xnrstaeb39
MD5

1868436b4ca23e084d1fc46ad6a11120
SHA1

3facb5fcca1dc9eca365baa61a62152dd7597fd2
SHA256

f84a39d727048e2c86770cbacd7620ebaa903f4be2bb893f85d75b455fad5c5b
SHA512

48f4f55bc2bde671023a8589aea1ec4fcb10f65f2b21911f9db19ca6984e748fa1d30d2e958e35ba93261fb4db0475b138683dced588e5bfb53bb99d1ab38e1a
SSDEEP

768:0jNTRwRykWMd4mp+8lAMU5GXI6Qy0siFCvJ4V7wmdUm1a8kW:QN9KsMdRp+yAqBMFCvJgZP1a0

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f84a39d727048e2c86770cbacd7620ebaa903f4be2bb893f85d75b455fad5c5b
- Size
  
  35KB
- MD5
  
  1868436b4ca23e084d1fc46ad6a11120
- SHA1
  
  3facb5fcca1dc9eca365baa61a62152dd7597fd2
- SHA256
  
  f84a39d727048e2c86770cbacd7620ebaa903f4be2bb893f85d75b455fad5c5b
- SHA512
  
  48f4f55bc2bde671023a8589aea1ec4fcb10f65f2b21911f9db19ca6984e748fa1d30d2e958e35ba93261fb4db0475b138683dced588e5bfb53bb99d1ab38e1a
- SSDEEP
  
  768:0jNTRwRykWMd4mp+8lAMU5GXI6Qy0siFCvJ4V7wmdUm1a8kW:QN9KsMdRp+yAqBMFCvJgZP1a0
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2