General
-
Target
Client.exe
-
Size
608KB
-
Sample
241129-qpxl5aslgn
-
MD5
39727583da3ec4b5a2c90f3d098b79fc
-
SHA1
a2ebefa269b3462f7a85b7af2188ede8ed4f0aac
-
SHA256
e10cb7d36b757ce8925ae85fa3c2163df542b98866e06468b54abc9c4c9c05d0
-
SHA512
12c0d9dbd63259cb19cf70b765faf0c6220a3ee8ef6ad7ec6e7638ac4a07c2b701a92e19b8af4a1e859f2b34df159c316653e89ff77b214c71beb5d71170c2a3
-
SSDEEP
6144:KnR9gbQETjrVwuR7V5Ew1w6Ici19/e6VlWT8b9khzaiMuz3KVjbI4R6SqBUiTVVo:G8bQSVEw14fPVle8Sqvx6Sqx
Static task
static1
Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Client.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Client.exe
-
Size
608KB
-
MD5
39727583da3ec4b5a2c90f3d098b79fc
-
SHA1
a2ebefa269b3462f7a85b7af2188ede8ed4f0aac
-
SHA256
e10cb7d36b757ce8925ae85fa3c2163df542b98866e06468b54abc9c4c9c05d0
-
SHA512
12c0d9dbd63259cb19cf70b765faf0c6220a3ee8ef6ad7ec6e7638ac4a07c2b701a92e19b8af4a1e859f2b34df159c316653e89ff77b214c71beb5d71170c2a3
-
SSDEEP
6144:KnR9gbQETjrVwuR7V5Ew1w6Ici19/e6VlWT8b9khzaiMuz3KVjbI4R6SqBUiTVVo:G8bQSVEw14fPVle8Sqvx6Sqx
-
Modifies WinLogon for persistence
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1