General
-
Target
0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7.exe
-
Size
1.7MB
-
Sample
241107-rrbywatjct
-
MD5
b0492d9569de9b035c89d90c6eab7974
-
SHA1
2a5f0677dceb65d7c22645b79ff8f658f77f2365
-
SHA256
0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7
-
SHA512
8eafa9750a2b5b8e2ea2da88858da5a2a7cd09ebb3e3232ecc08a19f2da7efee411cfc0e6a1de16240b0543e7c0ce32303f74c52e2efbe660752dd44e89ec73b
-
SSDEEP
24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPn:ssnxU2
Behavioral task
behavioral1
Sample
0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7.exe
-
Size
1.7MB
-
MD5
b0492d9569de9b035c89d90c6eab7974
-
SHA1
2a5f0677dceb65d7c22645b79ff8f658f77f2365
-
SHA256
0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7
-
SHA512
8eafa9750a2b5b8e2ea2da88858da5a2a7cd09ebb3e3232ecc08a19f2da7efee411cfc0e6a1de16240b0543e7c0ce32303f74c52e2efbe660752dd44e89ec73b
-
SSDEEP
24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPn:ssnxU2
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
7