97ead2057976cc989c024fa9ad761549fa57e53b16ca38aeecf3aa70da77c0ea | Triage

Resubmissions

23-01-2023 12:43

230123-pycsmsdb84 7

05-07-2022 14:19

220705-rmt9naaaen 10

Sharing

General

Target

lidan.exe
Size

124KB
Sample

220705-rmt9naaaen
MD5

2e1ed9a6411f5457e15eb9962d9badc3
SHA1

bf803cfd24fe8e890e2bf420a9e27567b878f000
SHA256

97ead2057976cc989c024fa9ad761549fa57e53b16ca38aeecf3aa70da77c0ea
SHA512

b9d3be71b33b9eea68dd7274e7cb587fa5d59c073f134db147a7d74c357d8f5037a75cfa086c838129ec88a3961061f1e8d95ba00d63ceca5db79674df8cf917

Score

10^/10

Malware Config

Targets

- Target
  
  lidan.exe
- Size
  
  124KB
- MD5
  
  2e1ed9a6411f5457e15eb9962d9badc3
- SHA1
  
  bf803cfd24fe8e890e2bf420a9e27567b878f000
- SHA256
  
  97ead2057976cc989c024fa9ad761549fa57e53b16ca38aeecf3aa70da77c0ea
- SHA512
  
  b9d3be71b33b9eea68dd7274e7cb587fa5d59c073f134db147a7d74c357d8f5037a75cfa086c838129ec88a3961061f1e8d95ba00d63ceca5db79674df8cf917
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2