798f8698fc6a500b954a0bad01acc25e9120c2ab3e7c74c40e8f9ff936129b28 | Triage

Sharing

General

Target

b9e65dcaaebcaaa7393f677997a7aa79
Size

35KB
Sample

240307-2492jshf7s
MD5

b9e65dcaaebcaaa7393f677997a7aa79
SHA1

fee140708be425e5ec3a827ee6083f1ec7072a13
SHA256

798f8698fc6a500b954a0bad01acc25e9120c2ab3e7c74c40e8f9ff936129b28
SHA512

34c4a35efef7c73b2a8198005589822d438f9674934bc0ca355bce9db02652304501abab1195d81baa53b5052be0808848bc0d701d831de7efdcb2f5002bf0ed
SSDEEP

768:WSFD2Dn9m9VTXiOjO4ZcXZbgFqKdbdNhe05WPCc2erQl:WSx2ZmrTXljORXFgFT5Jh5WPCcdEl

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b9e65dcaaebcaaa7393f677997a7aa79
- Size
  
  35KB
- MD5
  
  b9e65dcaaebcaaa7393f677997a7aa79
- SHA1
  
  fee140708be425e5ec3a827ee6083f1ec7072a13
- SHA256
  
  798f8698fc6a500b954a0bad01acc25e9120c2ab3e7c74c40e8f9ff936129b28
- SHA512
  
  34c4a35efef7c73b2a8198005589822d438f9674934bc0ca355bce9db02652304501abab1195d81baa53b5052be0808848bc0d701d831de7efdcb2f5002bf0ed
- SSDEEP
  
  768:WSFD2Dn9m9VTXiOjO4ZcXZbgFqKdbdNhe05WPCc2erQl:WSx2ZmrTXljORXFgFT5Jh5WPCcdEl
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2