General
- Target: cbacd8eb56f45cab8548de46ce35d2f4
- Size: 98KB
- Sample: 240315-r2zspadb39
- MD5: cbacd8eb56f45cab8548de46ce35d2f4
- SHA1: 8bcbb9c671f5938c645b1c8454792eb328f168a9
- SHA256: 929115b7ebac20c141b5f80a14eef9336651b6e563d3626f56a31e12ef1a3965
- SHA512: bca3cba36a75ebdf1d098bba4517c80b5411054788b3f67b23812900d1454647f8db965d0d4aba7996964fb79c4bba63524f7df2e6357445f1a45609dd4d770a
- SSDEEP: 3072:I9ndFWQypZsYLAkL6dRU9KIs9WG7Dk8jwaaHw7Koj4rDNMI:UnqpakAU6dRUFsCS
Static task: static1
Behavioral task: behavioral1
Sample: cbacd8eb56f45cab8548de46ce35d2f4.exe
Resource: win7-20240221-en
Malware Config
Targets
- Target: cbacd8eb56f45cab8548de46ce35d2f4
- Size: 98KB
- MD5: cbacd8eb56f45cab8548de46ce35d2f4
- SHA1: 8bcbb9c671f5938c645b1c8454792eb328f168a9
- SHA256: 929115b7ebac20c141b5f80a14eef9336651b6e563d3626f56a31e12ef1a3965
- SHA512: bca3cba36a75ebdf1d098bba4517c80b5411054788b3f67b23812900d1454647f8db965d0d4aba7996964fb79c4bba63524f7df2e6357445f1a45609dd4d770a
- SSDEEP: 3072:I9ndFWQypZsYLAkL6dRU9KIs9WG7Dk8jwaaHw7Koj4rDNMI:UnqpakAU6dRUFsCS
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)