2acc45c549010bd5c565049a2c18c13ff27754215a2f97bf06aa88fe4b7cd86c | Triage

Sharing

General

Target

Dildo.exe
Size

253KB
Sample

250331-s2an8ssyby
MD5

f6aa6321b060016411953ddaf04ef5f0
SHA1

3c480e24c06614a4d40d6e3270132afaacda594d
SHA256

2acc45c549010bd5c565049a2c18c13ff27754215a2f97bf06aa88fe4b7cd86c
SHA512

7acee8b4853f9313cc7829461168377aa436a3e9fda11253861294e70cd8503bdf4b9f60fa10c26eb935122a50fdbcb8aebe93fd8e19fd044d393b2f01858563
SSDEEP

3072:Kuah5Hn1ze9587eEuVhbLaZmsORINVJx7CidF/H3++z3zZAjsZXbzLjqnsW:wn1zjuAvVWidx3lTzZAEbjqs

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Dildo.exe
- Size
  
  253KB
- MD5
  
  f6aa6321b060016411953ddaf04ef5f0
- SHA1
  
  3c480e24c06614a4d40d6e3270132afaacda594d
- SHA256
  
  2acc45c549010bd5c565049a2c18c13ff27754215a2f97bf06aa88fe4b7cd86c
- SHA512
  
  7acee8b4853f9313cc7829461168377aa436a3e9fda11253861294e70cd8503bdf4b9f60fa10c26eb935122a50fdbcb8aebe93fd8e19fd044d393b2f01858563
- SSDEEP
  
  3072:Kuah5Hn1ze9587eEuVhbLaZmsORINVJx7CidF/H3++z3zZAjsZXbzLjqnsW:wn1zjuAvVWidx3lTzZAEbjqs
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3