General

Target: ac6a274f5fde714dfd8bba9e46bb724861e4b406ea132d119e2e872d0b58abd0N.exe
Size: 665KB
Sample: 241112-q7gcvstgmc
MD5: 4c0c38e7fad334322adc74c33eb50ac0
SHA1: d0706bfa6dab31f79f7cbe6265569e8b1184dbdb
SHA256: ac6a274f5fde714dfd8bba9e46bb724861e4b406ea132d119e2e872d0b58abd0
SHA512: 5542d4f78b1af871ab097fc2caeaeb84fb82064a73e7da94cb9d613a10e1442c924358c15f5b5fd6128eba75312096c3a66170ff087bfadaa5c9d46013e60523
SSDEEP: 12288:3Z8nkF9oy1ADvMKdhAS0jjLz7hoo3RpEcvALALdt/xBot/FcEic/3IWVscSfVo8o:3Z8nkF9oySiLz72ooSru/so3V9xmFXA
Static task: static1

Behavioral task: behavioral1
Sample: ac6a274f5fde714dfd8bba9e46bb724861e4b406ea132d119e2e872d0b58abd0N.exe
Resource: win7-20240903-en (Windows 7, English)

Behavioral task: behavioral2
Sample: ac6a274f5fde714dfd8bba9e46bb724861e4b406ea132d119e2e872d0b58abd0N.exe
Resource: win10v2004-20241007-en (Windows 10 2004, English)
Malware Config

Targets

Target: ac6a274f5fde714dfd8bba9e46bb724861e4b406ea132d119e2e872d0b58abd0N.exe
Size: 665KB
Hashes (MD5, SHA1, SHA256, SHA512) and SSDEEP: identical to those listed under General; the report covers this single file.
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly associated with process hollowing or thread hijacking)
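The "Modifies WinLogon for persistence" and "Adds Run key to start application" signatures above both come down to registry value writes, which Sysmon records as Event ID 13 (RegistryEvent, value set). The following is an added example, not code from the sandbox report or its vendor, that turns those two behaviours into a hunting check over such events. The events, process paths, SID and payload paths in it are constructed for illustration, and the default Winlogon values it compares against are the stock Windows ones (Userinit = `C:\Windows\system32\userinit.exe,` and Shell = `explorer.exe`).

```python
"""Hunt for the two autostart behaviours the sandbox flagged on this sample.

Added example, not part of the sandbox report. It runs over a few CONSTRUCTED
records shaped like Sysmon Event ID 13 (RegistryEvent: value set). Process
paths, the SID and payload paths below are invented for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Values Windows sets itself. Appending a second binary to Userinit, or
# replacing Shell, is the classic Winlogon Helper persistence (T1547.004).
WINLOGON_DEFAULTS = {
    "userinit": r"c:\windows\system32\userinit.exe",
    "shell": "explorer.exe",
}

# Per-user (HKU\<SID>\Software\...) and machine-wide (HKLM\SOFTWARE\...)
# Run and RunOnce keys (T1547.001). Matches a value directly under the key.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    technique: str
    reason: str
    image: str
    target: str
    details: str


def _normalise(value: str) -> str:
    # Strip whitespace, quotes and the trailing comma Windows keeps on Userinit.
    return value.strip().strip('"').rstrip(",").lower()


def check_event(event: dict) -> Optional[Finding]:
    """Return a Finding for one registry event, or None if it is uninteresting."""
    if event.get("EventID") != 13:
        return None  # only "value set" events carry the written Details
    target = event["TargetObject"]
    details = event.get("Details", "")

    if target.lower().startswith(WINLOGON_KEY.lower() + "\\"):
        name = target[len(WINLOGON_KEY) + 1:].split("\\")[0].lower()
        if name == "notify":
            return Finding("T1547.004", "Winlogon Notify package registered",
                           event["Image"], target, details)
        default = WINLOGON_DEFAULTS.get(name)
        if default is not None and _normalise(details) != default:
            return Finding("T1547.004", f"Winlogon {name} changed from default",
                           event["Image"], target, details)
        return None  # other Winlogon values (e.g. LastUsedUsername) are routine

    if RUN_KEY_RE.search(target):
        return Finding("T1547.001", "Run key value set",
                       event["Image"], target, details)
    return None


def audit(events) -> list:
    """Run check_event over a sequence of events and keep the findings."""
    return [f for f in (check_event(e) for e in events) if f is not None]


# CONSTRUCTED events (not from the report). Field names follow Sysmon's schema.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\lab\Desktop\sample.exe",
     "TargetObject": WINLOGON_KEY + r"\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Users\lab\AppData\Roaming\svchost.exe"},
    {"EventID": 13, "Image": r"C:\Users\lab\Desktop\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\lab\AppData\Roaming\svchost.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": WINLOGON_KEY + r"\Shell", "Details": "explorer.exe"},
    {"EventID": 12, "Image": r"C:\Users\lab\Desktop\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 13, "Image": r"C:\Windows\System32\winlogon.exe",
     "TargetObject": WINLOGON_KEY + r"\LastUsedUsername", "Details": "lab"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(f"{finding.technique} {finding.reason}: {finding.image} -> "
              f"{finding.target} = {finding.details}")
```

The Winlogon rule is low-noise because legitimate software almost never touches Userinit or Shell; the Run-key rule will also fire on ordinary installers, so in practice pair it with an allowlist of signed images or a filter on payloads living under the user profile, which is where droppers like the one in this report typically place their copies.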
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1

Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1