General
Target: 045391561a3b91524ce03adb59edeaa7861d3d0c37a4ab7dc02d559e899579d9N
Size: 1.3MB
Sample: 241104-heq3lawhnk
MD5: dda42ac9de8a5b0d6e7b79ec20f9e6d0
SHA1: 3cd61729bc16e83ce94b670d99b5aa9585af2e63
SHA256: 045391561a3b91524ce03adb59edeaa7861d3d0c37a4ab7dc02d559e899579d9
SHA512: d5be7a374be347db56f689e943aa3d481066c948a947a1537a3b3a608997506469cf3397e15b5d495522c3452e1cfd5574273f177990fd7441c951b1deec0bc3
SSDEEP: 12288:GX+poQwy+f7zl7EGhP/nyXjnreHHWVocHLlIAYV0VbkQsYxiLkT3AYwj7Z2TErXX:iDZntnyXguVS/pYbJU7Njd8aPWW6dw4w
Static task: static1
Behavioral task: behavioral1
Sample: 045391561a3b91524ce03adb59edeaa7861d3d0c37a4ab7dc02d559e899579d9N.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 045391561a3b91524ce03adb59edeaa7861d3d0c37a4ab7dc02d559e899579d9N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (5)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)