674965f9f5ab7b7a792a0c6c3f898480d2478e929e1c682b05f0664f6376fdba | Triage

Sharing

General

Target

674965f9f5ab7b7a792a0c6c3f898480d2478e929e1c682b05f0664f6376fdba
Size

22.0MB
Sample

220913-gv2ctsegd9
MD5

d513c24646efc0c51ea98827679dd01f
SHA1

f349a48d210eddc0ddf75b6b08ca63739a70492a
SHA256

674965f9f5ab7b7a792a0c6c3f898480d2478e929e1c682b05f0664f6376fdba
SHA512

3776941bca713e40f0ae9eb183f1e35a77feb3eb9592f62daca7046c8b8f9cf5cbd63bf8f58c924184a2c10f585032bda5e32db5b7ee816d5bd41474f4fd848a
SSDEEP

393216:9Bsl0Sc9xFudQHI1E/Wq+z9rUrcXaAzZS25hPe5iXHtpJcQPJeTJcWlSTCKOJyKJ:Ml0S4JgE/V+JAAZoCHHJcEedcQS2KOJ5

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  674965f9f5ab7b7a792a0c6c3f898480d2478e929e1c682b05f0664f6376fdba
- Size
  
  22.0MB
- MD5
  
  d513c24646efc0c51ea98827679dd01f
- SHA1
  
  f349a48d210eddc0ddf75b6b08ca63739a70492a
- SHA256
  
  674965f9f5ab7b7a792a0c6c3f898480d2478e929e1c682b05f0664f6376fdba
- SHA512
  
  3776941bca713e40f0ae9eb183f1e35a77feb3eb9592f62daca7046c8b8f9cf5cbd63bf8f58c924184a2c10f585032bda5e32db5b7ee816d5bd41474f4fd848a
- SSDEEP
  
  393216:9Bsl0Sc9xFudQHI1E/Wq+z9rUrcXaAzZS25hPe5iXHtpJcQPJeTJcWlSTCKOJyKJ:Ml0S4JgE/V+JAAZoCHHJcEedcQS2KOJ5
Score

8^/10

persistence
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2