bcf23942db397d17cf1373921a092e4d5fc8ea92cefafd7cce0326e3193ab1bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcf23942db397d17cf1373921a092e4d5fc8ea92cefafd7cce0326e3193ab1bb
Size

18KB
Sample

220918-2znbzsdgf9
MD5

25929aa8ecf71da5306092c8c9d4144c
SHA1

54ea0b2b7b834242fe4aea26ee1e4b1c2bb40ed1
SHA256

bcf23942db397d17cf1373921a092e4d5fc8ea92cefafd7cce0326e3193ab1bb
SHA512

85826fe151ffbfc59d04786386b3648ec6f2d89b9ef6ef363cf6cbc787b5aba309b62396c1e7ad7e9aae7131edce648aa30df1a9fe7051672817bf454790ff96
SSDEEP

384:Xvj7yr5EpROQaRMrAu5qzg1J6oFe54cIA82v6eNSOGC0hgaMLFr:XvKr7QfcuiG6Ie5r02ieNvGr4r

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bcf23942db397d17cf1373921a092e4d5fc8ea92cefafd7cce0326e3193ab1bb
- Size
  
  18KB
- MD5
  
  25929aa8ecf71da5306092c8c9d4144c
- SHA1
  
  54ea0b2b7b834242fe4aea26ee1e4b1c2bb40ed1
- SHA256
  
  bcf23942db397d17cf1373921a092e4d5fc8ea92cefafd7cce0326e3193ab1bb
- SHA512
  
  85826fe151ffbfc59d04786386b3648ec6f2d89b9ef6ef363cf6cbc787b5aba309b62396c1e7ad7e9aae7131edce648aa30df1a9fe7051672817bf454790ff96
- SSDEEP
  
  384:Xvj7yr5EpROQaRMrAu5qzg1J6oFe54cIA82v6eNSOGC0hgaMLFr:XvKr7QfcuiG6Ie5r02ieNvGr4r
Score

8^/10

persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2