General

  • Target

    a92725d2b5309af4d6691f5317171930abf96de0a62fab74a61d3351a3fa46a5

  • Size

    1.1MB

  • Sample

    210511-ljmgm6vb92

  • MD5

    b6215e79025364c262eca72ed1567ec1

  • SHA1

    de4ee49ce7dc4d8a2d210193559c4e6a1ce95f49

  • SHA256

    a92725d2b5309af4d6691f5317171930abf96de0a62fab74a61d3351a3fa46a5

  • SHA512

    6ecb20b6713b40f6a491b585c3fa6b3c76307038a35f47830b6994b4643bf03179d778bb6ac85af1f7ebc2499b51af110c50263763a741e8e1536a6aa73e8053

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder, T1060: 1

Defense Evasion

  • Modify Registry, T1112: 2

Discovery

  • Query Registry, T1012: 2

  • System Information Discovery, T1082: 3

Tasks