e290a1fdcb83cc3a4d385eaed40ba5a4e713df002fef9f5d1446b1808770c140 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5884fac3fd83cb8f49032861e7b24bb6
Size

80KB
Sample

240113-kyhlnsfdfj
MD5

5884fac3fd83cb8f49032861e7b24bb6
SHA1

33279856301e3c0afb5e19f8263f2d8ca6582251
SHA256

e290a1fdcb83cc3a4d385eaed40ba5a4e713df002fef9f5d1446b1808770c140
SHA512

87fc1cb23fc46510919bcf9392273b1527e79a0b36ea5543ba3f45cb3394b7db35a82d9fda3f231a1a8b1d310841e4f313d78edbca68ed4eac404a5610de13c0
SSDEEP

1536:LRAh8NBWeu2eOHhIzVi6q6ew7HwWn19M0/Frj3KhvQKAS1tafNK40Sfnw14RjYGX:LBDeWIY6q6ew7QW1n/Fr2hYx+taIIfK+

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  5884fac3fd83cb8f49032861e7b24bb6
- Size
  
  80KB
- MD5
  
  5884fac3fd83cb8f49032861e7b24bb6
- SHA1
  
  33279856301e3c0afb5e19f8263f2d8ca6582251
- SHA256
  
  e290a1fdcb83cc3a4d385eaed40ba5a4e713df002fef9f5d1446b1808770c140
- SHA512
  
  87fc1cb23fc46510919bcf9392273b1527e79a0b36ea5543ba3f45cb3394b7db35a82d9fda3f231a1a8b1d310841e4f313d78edbca68ed4eac404a5610de13c0
- SSDEEP
  
  1536:LRAh8NBWeu2eOHhIzVi6q6ew7HwWn19M0/Frj3KhvQKAS1tafNK40Sfnw14RjYGX:LBDeWIY6q6ew7QW1n/Fr2hYx+taIIfK+
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2