General
Target: 89f0653e7418d187e2635f8ef49b3392
Size: 477KB
Sample: 240202-tf4wmacbfp
MD5: 89f0653e7418d187e2635f8ef49b3392
SHA1: a0eeb1c89d130ba2e1672b74d874e0b3d73ae1fd
SHA256: 37e59bcf6384f14899eb5b1c585ebfd5262bb09d6f0b776ccd5253938dde6e5d
SHA512: 8d78d060caa4201c22c08b33b6d1bfcf6562250effb5e3ee2704170b3f0c1f240ff54f96d90af914620f8960d70dec8c4e2ab7e06c09c5c3747ca4979d6c16d2
SSDEEP: 12288:D5OnhBwgGIzzXB1nUMER+yqPZuReYoltn:DInUg7PXBuMERShoeBtn

Static task: static1

Behavioral task: behavioral1
Sample: 89f0653e7418d187e2635f8ef49b3392.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 89f0653e7418d187e2635f8ef49b3392.exe
Resource: win10v2004-20231215-en

Malware Config

Targets
Score: 10/10

- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
- Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (2)
- Browser Extensions (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (2)