50644758dd298eec64d6572a9cb3d4a129f52f4e40b6cf0ffa0b80bccafaed20 | Triage

Sharing

General

Target

3692724c6c6208acdd9db8a4b2cf7adb
Size

70KB
Sample

231231-pye8rsdbc5
MD5

3692724c6c6208acdd9db8a4b2cf7adb
SHA1

58de076c2f5c2dda9e00d14a297fbff3160b523a
SHA256

50644758dd298eec64d6572a9cb3d4a129f52f4e40b6cf0ffa0b80bccafaed20
SHA512

ed8d69f0c21e6074c0e678da4fc5a04cf016e6c3e61e7ac7a49a2bfb4f5102bdb70a00bd69c609d6a157b1c83f4782476e67542f90d07ccea44b02e2d839c4f5
SSDEEP

768:Edskb6E3ulbftsgT0z7GDkmKV2KljK1sQbAQusQZ7uuK3P1s/e/NVP9umROF4HQ8:Eem3ulb1sggnyC9csSA+vdsVESYWNru

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3692724c6c6208acdd9db8a4b2cf7adb
- Size
  
  70KB
- MD5
  
  3692724c6c6208acdd9db8a4b2cf7adb
- SHA1
  
  58de076c2f5c2dda9e00d14a297fbff3160b523a
- SHA256
  
  50644758dd298eec64d6572a9cb3d4a129f52f4e40b6cf0ffa0b80bccafaed20
- SHA512
  
  ed8d69f0c21e6074c0e678da4fc5a04cf016e6c3e61e7ac7a49a2bfb4f5102bdb70a00bd69c609d6a157b1c83f4782476e67542f90d07ccea44b02e2d839c4f5
- SSDEEP
  
  768:Edskb6E3ulbftsgT0z7GDkmKV2KljK1sQbAQusQZ7uuK3P1s/e/NVP9umROF4HQ8:Eem3ulb1sggnyC9csSA+vdsVESYWNru
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2