2102399e096ed9df1879890e957529f9484274c50a5dd3e6aaacf71eab12a378 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89c5b369142e8d9fb772cddbd3ed25f5
Size

17KB
Sample

240202-r1jebaafcr
MD5

89c5b369142e8d9fb772cddbd3ed25f5
SHA1

f7221d2d20f1f4559554f75e5cd5dfd02ff38b62
SHA256

2102399e096ed9df1879890e957529f9484274c50a5dd3e6aaacf71eab12a378
SHA512

510d157724da03fb9bcb9928290288db8041c100d904bbdc00dc259d76510f89299c6ce6a0f9160ad6f833793e6ede2a53dc1d75ac83f491035c0df1d6082786
SSDEEP

384:htEEEcq8CIofVzYRWhsXVbCDVGgKTfsjt:hMIS/sXVb3PTot

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  89c5b369142e8d9fb772cddbd3ed25f5
- Size
  
  17KB
- MD5
  
  89c5b369142e8d9fb772cddbd3ed25f5
- SHA1
  
  f7221d2d20f1f4559554f75e5cd5dfd02ff38b62
- SHA256
  
  2102399e096ed9df1879890e957529f9484274c50a5dd3e6aaacf71eab12a378
- SHA512
  
  510d157724da03fb9bcb9928290288db8041c100d904bbdc00dc259d76510f89299c6ce6a0f9160ad6f833793e6ede2a53dc1d75ac83f491035c0df1d6082786
- SSDEEP
  
  384:htEEEcq8CIofVzYRWhsXVbCDVGgKTfsjt:hMIS/sXVb3PTot
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2