557b41277987ad78b34442dd286d4ab865334599f2311f98c120befbda80ad99 | Triage

Sharing

General

Target

6185180472311808.zip
Size

156KB
Sample

210420-6farbcly5n
MD5

b78f8227e5428d8882a9e724d9dd7b1a
SHA1

d73cde0c7136158164288888189493a8d702c80a
SHA256

557b41277987ad78b34442dd286d4ab865334599f2311f98c120befbda80ad99
SHA512

70939c4351da79632e29fd45baeaab73734e4771caecad9a9aa860ee008478bd864bf8a54975588d4f2d3f744034a89c853ff43b97c880530c372f41aa98d2a8

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f2d3817ae698cef63903265674ccdceadacde415396b4880196915f9f4d02b58
- Size
  
  285KB
- MD5
  
  4d71e43a37b35ae59d5213659988d089
- SHA1
  
  6ead57c5ca1682701c15ce73cf5a7aaf22d0d49e
- SHA256
  
  f2d3817ae698cef63903265674ccdceadacde415396b4880196915f9f4d02b58
- SHA512
  
  abcbf991a9869d11babfc70e85960c441bc93c97a009aed7a117ccaabcb16a2934e65b1a2c83b276319c321a1fc714445025eae0d16d421e41093395f9d3ae01
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2