General
-
Target
ede5e8eec2465e1c8f1a1a68a7491709326d2c51e77d46196306aa36cc75dc03
-
Size
673KB
-
Sample
241120-f7fq8asgkj
-
MD5
9698e68f2aaf0bbffdbea8c34236cd6e
-
SHA1
3c6d590bcd7a1b5b2da2d0ac9f8e4ad392306984
-
SHA256
ede5e8eec2465e1c8f1a1a68a7491709326d2c51e77d46196306aa36cc75dc03
-
SHA512
b3e5a2709eeb4e542a1faeb4c86a0f6feb271a1cf424f3fbd05a1079dd6eb7060b64fc07b67139403566c24d94d07b82afcb7f9abdbd4dd2490e7c288460cda1
-
SSDEEP
12288:3Z8nkF9oy1ADvMKdhAS0jjLz7hoo3RpEcvALALdt/xBot/FcEic/3IWVscSfVo8t:3Z8nkF9oySiLz72ooSru/so3V9xmFP9
Malware Config
Targets
-
-
Target
ede5e8eec2465e1c8f1a1a68a7491709326d2c51e77d46196306aa36cc75dc03
-
Size
673KB
-
MD5
9698e68f2aaf0bbffdbea8c34236cd6e
-
SHA1
3c6d590bcd7a1b5b2da2d0ac9f8e4ad392306984
-
SHA256
ede5e8eec2465e1c8f1a1a68a7491709326d2c51e77d46196306aa36cc75dc03
-
SHA512
b3e5a2709eeb4e542a1faeb4c86a0f6feb271a1cf424f3fbd05a1079dd6eb7060b64fc07b67139403566c24d94d07b82afcb7f9abdbd4dd2490e7c288460cda1
-
SSDEEP
12288:3Z8nkF9oy1ADvMKdhAS0jjLz7hoo3RpEcvALALdt/xBot/FcEic/3IWVscSfVo8t:3Z8nkF9oySiLz72ooSru/so3V9xmFP9
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1