General
-
Target
c563363c86020a2fc67831116c25551e
-
Size
712KB
-
Sample
240313-j1cb1aac67
-
MD5
c563363c86020a2fc67831116c25551e
-
SHA1
ef1103e5453892e018351a8095ccf49bbe2adb01
-
SHA256
253c6ab78606752af810c94fdef1dcfcf89d38fc075c4110da2d107d7f9b9de6
-
SHA512
d00b49d3d8fe3ed708007b16b8a7dd35a70f47fc59f8872cb059cbfe1357bb638961d10092a9d3669852bc86fcce050f9c60a472dce281178c1314df4196e55c
-
SSDEEP
12288:SXx/MNJYJtoa/S3fS9hVFeKx/osTCC/pAIuceT:I1MNJIW3EeKmC/pAIuceT
Static task
static1
Behavioral task
behavioral1
Sample
c563363c86020a2fc67831116c25551e.dll
Resource
win7-20240215-en
Malware Config
Targets
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)