General
-
Target
163ad5d3affb1f0ed79c60919d65747d
-
Size
37KB
-
Sample
231225-l7r25sceek
-
MD5
163ad5d3affb1f0ed79c60919d65747d
-
SHA1
820f39c7c636fe99fa13e1e7489bc3995d22b4fb
-
SHA256
976cfd767e41e848438298eeadca6a48acc62946374fa5f529c91497693f462d
-
SHA512
736664e773fa6ed381f534670f5e2c5a78eeba0465df2e4b3ecb039b04131d3967c49fadf2fd0063f193c728788b994460d7b962d5d8121d9b0b596651205339
-
SSDEEP
768:9HrZtjEF/e782hCY4g/iB0F79KIDN1dCvbYLYQV5nCsm:NrZtaewPBaF79KuUbYLK
Malware Config
Targets
-
-
Target
163ad5d3affb1f0ed79c60919d65747d
-
Size
37KB
-
MD5
163ad5d3affb1f0ed79c60919d65747d
-
SHA1
820f39c7c636fe99fa13e1e7489bc3995d22b4fb
-
SHA256
976cfd767e41e848438298eeadca6a48acc62946374fa5f529c91497693f462d
-
SHA512
736664e773fa6ed381f534670f5e2c5a78eeba0465df2e4b3ecb039b04131d3967c49fadf2fd0063f193c728788b994460d7b962d5d8121d9b0b596651205339
-
SSDEEP
768:9HrZtjEF/e782hCY4g/iB0F79KIDN1dCvbYLYQV5nCsm:NrZtaewPBaF79KuUbYLK
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
6