ecf857c6d2ddb6613dc98b490ca582e6627a5e2c23ef0df093fee897c34f08de | Triage

Sharing

General

Target

ERP_Impressora.exe
Size

4.1MB
Sample

220510-gelbnsfbh3
MD5

194abc8ffd472dbd563e0cd1df8e3755
SHA1

a6fb5ff7d555234ebdfe0dba332dd946192a19f9
SHA256

ecf857c6d2ddb6613dc98b490ca582e6627a5e2c23ef0df093fee897c34f08de
SHA512

225c849e8993fbe464d8511108e60892f4d35e5aabf8773340bad7078ba1f6d41c12094a6d89a539697c5671d92254f2072e7eed42576b8f3edb1de5c71ae00c

Score

8^/10

Malware Config

Targets

- Target
  
  ERP_Impressora.exe
- Size
  
  4.1MB
- MD5
  
  194abc8ffd472dbd563e0cd1df8e3755
- SHA1
  
  a6fb5ff7d555234ebdfe0dba332dd946192a19f9
- SHA256
  
  ecf857c6d2ddb6613dc98b490ca582e6627a5e2c23ef0df093fee897c34f08de
- SHA512
  
  225c849e8993fbe464d8511108e60892f4d35e5aabf8773340bad7078ba1f6d41c12094a6d89a539697c5671d92254f2072e7eed42576b8f3edb1de5c71ae00c
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2