d0819ed578beb38c8875532613ff761b6b4816f653ee41042f853fb87cdb592d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0819ed578beb38c8875532613ff761b6b4816f653ee41042f853fb87cdb592d
Size

38KB
Sample

220201-edgkzsgcam
MD5

3d584a5b6cec11d3ed873ab96021ef3e
SHA1

8261eeddd91f3685df067d625e87075428169805
SHA256

d0819ed578beb38c8875532613ff761b6b4816f653ee41042f853fb87cdb592d
SHA512

7b8bd961345ac04b454e6d22ad45790d5c1eb2ebd86632fc6594d0402f03f1c7f468179c89b114dfa38ff159bd3780bfa1498817cdebde90c4d97f237a345b5c

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  d0819ed578beb38c8875532613ff761b6b4816f653ee41042f853fb87cdb592d
- Size
  
  38KB
- MD5
  
  3d584a5b6cec11d3ed873ab96021ef3e
- SHA1
  
  8261eeddd91f3685df067d625e87075428169805
- SHA256
  
  d0819ed578beb38c8875532613ff761b6b4816f653ee41042f853fb87cdb592d
- SHA512
  
  7b8bd961345ac04b454e6d22ad45790d5c1eb2ebd86632fc6594d0402f03f1c7f468179c89b114dfa38ff159bd3780bfa1498817cdebde90c4d97f237a345b5c
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2