644d0154e5eec94cf7d959cf8b7d5f914769966668dd29dca216b1591c992d15 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1840d5ac44c6a07e8587bfe6f18150be
Size

63KB
Sample

231230-pgalyshdf4
MD5

1840d5ac44c6a07e8587bfe6f18150be
SHA1

25f116597e7d9a7ce1c867671c1b7c9037445088
SHA256

644d0154e5eec94cf7d959cf8b7d5f914769966668dd29dca216b1591c992d15
SHA512

d21d604643835132d64e4d9c012b4a1696c71c2cee20cebe2676cf4c602acc5876f6680dfab823d590f11f0016104da5a0b010bcbb377d3dea44246b38a03cb4
SSDEEP

1536:QzaSt/xYF8hNkRm4vbNZq+bSoLN5eoHKyBq:Qd7XNkRm4RZqKSoLN5zHKyc

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  1840d5ac44c6a07e8587bfe6f18150be
- Size
  
  63KB
- MD5
  
  1840d5ac44c6a07e8587bfe6f18150be
- SHA1
  
  25f116597e7d9a7ce1c867671c1b7c9037445088
- SHA256
  
  644d0154e5eec94cf7d959cf8b7d5f914769966668dd29dca216b1591c992d15
- SHA512
  
  d21d604643835132d64e4d9c012b4a1696c71c2cee20cebe2676cf4c602acc5876f6680dfab823d590f11f0016104da5a0b010bcbb377d3dea44246b38a03cb4
- SSDEEP
  
  1536:QzaSt/xYF8hNkRm4vbNZq+bSoLN5eoHKyBq:Qd7XNkRm4RZqKSoLN5zHKyc
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2