General
-
Target
e160849be9bf20380e6acd89558e3f2e
-
Size
100KB
-
Sample
240327-lsjr8acf4w
-
MD5
e160849be9bf20380e6acd89558e3f2e
-
SHA1
4cc3b14803d8f24c34f644d5cc00164f365ddc6d
-
SHA256
fb1082bc53e550f9a7dcd9eb0e47bc5014329eabe50511101777e0f7c90897e9
-
SHA512
5055255543cd1408602de64abc49c65fb9f9cca49709bfd3c4e06b3c2689c841cf1f95675d22e4ee49c9d4b2ca5f32295674653a68edf1824cf959fd50e4f3c5
-
SSDEEP
3072:4jHS/geOEKohaKQiWkGVk8jwaaHw7Koj4rDMRJc:O1oPQRIQ
Static task
static1
Behavioral task
behavioral1
Sample
e160849be9bf20380e6acd89558e3f2e.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
e160849be9bf20380e6acd89558e3f2e
-
Size
100KB
-
MD5
e160849be9bf20380e6acd89558e3f2e
-
SHA1
4cc3b14803d8f24c34f644d5cc00164f365ddc6d
-
SHA256
fb1082bc53e550f9a7dcd9eb0e47bc5014329eabe50511101777e0f7c90897e9
-
SHA512
5055255543cd1408602de64abc49c65fb9f9cca49709bfd3c4e06b3c2689c841cf1f95675d22e4ee49c9d4b2ca5f32295674653a68edf1824cf959fd50e4f3c5
-
SSDEEP
3072:4jHS/geOEKohaKQiWkGVk8jwaaHw7Koj4rDMRJc:O1oPQRIQ
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1