6900eacdfd821383b2dea75ed7760c9f5edf23f7f144f8b96ce37ed38316b2af | Triage

Sharing

General

Target

Client.exe
Size

540KB
Sample

240903-vb1tvaseng
MD5

ef949f3f7d4d5c2aaf8d26b7bdb93790
SHA1

7a8524140d58409ff08f3ccde75d806e6f75b1d6
SHA256

6900eacdfd821383b2dea75ed7760c9f5edf23f7f144f8b96ce37ed38316b2af
SHA512

556fd89de6ad8d390d628f97b1738f60000898013bc1b2adab9038513126fd510f86e21892ad84871080226d0c0ecbe8066c3c46c2320d454d219232307f7e56
SSDEEP

12288:FnFwLJDzy+qFcWbYZ/0jHJqE/Q7V3xQXUwUVuFKI1r:o1vyLFcWbYZ/L7L6

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Client.exe
- Size
  
  540KB
- MD5
  
  ef949f3f7d4d5c2aaf8d26b7bdb93790
- SHA1
  
  7a8524140d58409ff08f3ccde75d806e6f75b1d6
- SHA256
  
  6900eacdfd821383b2dea75ed7760c9f5edf23f7f144f8b96ce37ed38316b2af
- SHA512
  
  556fd89de6ad8d390d628f97b1738f60000898013bc1b2adab9038513126fd510f86e21892ad84871080226d0c0ecbe8066c3c46c2320d454d219232307f7e56
- SSDEEP
  
  12288:FnFwLJDzy+qFcWbYZ/0jHJqE/Q7V3xQXUwUVuFKI1r:o1vyLFcWbYZ/L7L6
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2