30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745 | Triage

Sharing

General

Target

mine2.exe
Size

810KB
Sample

220626-gg54vsbbc3
MD5

be75e9e51767b5a59536afbbf9ffafbc
SHA1

78be65d86a6918643092e8e90fd72ad3b9ab997f
SHA256

30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745
SHA512

4e9f7198dd12adeb21669f74e1cdebe16ac7ccae8e1f29b537438239d1a240a8f1ab890afebe8c1f8603909a1c72b8ce7e7c981f2147fa53dccc6c43b6a3d9e6

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  mine2.exe
- Size
  
  810KB
- MD5
  
  be75e9e51767b5a59536afbbf9ffafbc
- SHA1
  
  78be65d86a6918643092e8e90fd72ad3b9ab997f
- SHA256
  
  30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745
- SHA512
  
  4e9f7198dd12adeb21669f74e1cdebe16ac7ccae8e1f29b537438239d1a240a8f1ab890afebe8c1f8603909a1c72b8ce7e7c981f2147fa53dccc6c43b6a3d9e6
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2