General
Target: def9869341fcf9b7d2db5eaec231f848
Size: 113KB
Sample: 240326-mtwzlsgd34
MD5: def9869341fcf9b7d2db5eaec231f848
SHA1: 5f3d789293c98f84b810e6a63b1ae8c54777178f
SHA256: 17e7806689a925bdad2e50ef4aab104697d6338ab0d79a0a519f3f5679110654
SHA512: f61a583515d05c168cadfe2b230e3595807f92cb6197b391213872011e758c1b557db4d9910cee0fe382625862dba6945ce18b27c4adb36a1e1ee3b3b8c07f6c
SSDEEP: 3072:39y2beY8m+1GYPHMiqqOIx4J2vNbGfvGnd3gW5ZM4/ue/1:3hX8mKGmHKGNdndPZMTe/1
Static task: static1
Behavioral task: behavioral1
Sample: def9869341fcf9b7d2db5eaec231f848.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: def9869341fcf9b7d2db5eaec231f848 (113KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)