d4c83205cf6f3098ab6a757312525f4d14a57a819306eeea5c0d022b00b38cf3 | Triage

Sharing

General

Target

Automatic_converter_rff_to_mp4.exe
Size

322KB
Sample

230523-f6z4gadh45
MD5

1b4f89bdb12a349de92ca7f1261e67a0
SHA1

f368916850332757d7ed2f0ee335c16b9c9fc95b
SHA256

d4c83205cf6f3098ab6a757312525f4d14a57a819306eeea5c0d022b00b38cf3
SHA512

f2f7985fbf462bc35e099b58308ddef91320d3d81040f77e7c1c0a3cfc3a4da50c849efd0f063c839848a80927398cc24bc8368d5b0b92014abe2ea7bdc2ddeb
SSDEEP

6144:iibVlHNEHBpDDf2vfQ21NV0zUiCqWjH6YPON9q:igtCpPfGfZSWPf

Score

10^/10

discovery evasion exploit persistence

Malware Config

Targets

- Target
  
  Automatic_converter_rff_to_mp4.exe
- Size
  
  322KB
- MD5
  
  1b4f89bdb12a349de92ca7f1261e67a0
- SHA1
  
  f368916850332757d7ed2f0ee335c16b9c9fc95b
- SHA256
  
  d4c83205cf6f3098ab6a757312525f4d14a57a819306eeea5c0d022b00b38cf3
- SHA512
  
  f2f7985fbf462bc35e099b58308ddef91320d3d81040f77e7c1c0a3cfc3a4da50c849efd0f063c839848a80927398cc24bc8368d5b0b92014abe2ea7bdc2ddeb
- SSDEEP
  
  6144:iibVlHNEHBpDDf2vfQ21NV0zUiCqWjH6YPON9q:igtCpPfGfZSWPf
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

behavioral2

discoveryevasionexploitpersistence