4f115913a68ae3d442205bf35920d2b8431bd7a3995a72a648b682fdd783efd1 | Triage

Sharing

General

Target

4f115913a68ae3d442205bf35920d2b8431bd7a3995a72a648b682fdd783efd1
Size

191KB
Sample

220720-s1784shea4
MD5

08bc0f08cbe773666ae684ed81c1763c
SHA1

6ef5d42a110a6746d23fe001f2762f31d43c391f
SHA256

4f115913a68ae3d442205bf35920d2b8431bd7a3995a72a648b682fdd783efd1
SHA512

029e25bdff3b4cd61e98ec37a82b2d1d31eb7b4d03dd467e05f4eacb9e52a73189f2755b0b6906f1b811b0a78c38ddb15e6ced05cb47bd870814f15ef7b6ed17

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4f115913a68ae3d442205bf35920d2b8431bd7a3995a72a648b682fdd783efd1
- Size
  
  191KB
- MD5
  
  08bc0f08cbe773666ae684ed81c1763c
- SHA1
  
  6ef5d42a110a6746d23fe001f2762f31d43c391f
- SHA256
  
  4f115913a68ae3d442205bf35920d2b8431bd7a3995a72a648b682fdd783efd1
- SHA512
  
  029e25bdff3b4cd61e98ec37a82b2d1d31eb7b4d03dd467e05f4eacb9e52a73189f2755b0b6906f1b811b0a78c38ddb15e6ced05cb47bd870814f15ef7b6ed17
Score

8^/10

persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2