c26f2edf86555e23ccfeb0664744f1da32446310d50d9439edb9080d8bea562a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b43c94a54e52b246139d70534a3321d7
Size

34KB
Sample

240305-j7bdaabc33
MD5

b43c94a54e52b246139d70534a3321d7
SHA1

46899569f33d9682c8f48a92cc0d73e59f72b9fd
SHA256

c26f2edf86555e23ccfeb0664744f1da32446310d50d9439edb9080d8bea562a
SHA512

9a96fcdc6f94950b39e6f03a19d198f2697a67ce9d2eb6e70958a61778c206ae001f549ef3b0fca61057eb7794e451f7823b4738c8ea96f775a819991ab0ab0e
SSDEEP

768:m/tYCIW/YZGtv0zbN2D664B6PEUrC+GvPVLc:eFIWgGCzbN2mr6PrJGvi

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b43c94a54e52b246139d70534a3321d7
- Size
  
  34KB
- MD5
  
  b43c94a54e52b246139d70534a3321d7
- SHA1
  
  46899569f33d9682c8f48a92cc0d73e59f72b9fd
- SHA256
  
  c26f2edf86555e23ccfeb0664744f1da32446310d50d9439edb9080d8bea562a
- SHA512
  
  9a96fcdc6f94950b39e6f03a19d198f2697a67ce9d2eb6e70958a61778c206ae001f549ef3b0fca61057eb7794e451f7823b4738c8ea96f775a819991ab0ab0e
- SSDEEP
  
  768:m/tYCIW/YZGtv0zbN2D664B6PEUrC+GvPVLc:eFIWgGCzbN2mr6PrJGvi
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2