ea934dba73517752e0bffab95af515062e49516c428d2e435414685e552d6de0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea934dba73517752e0bffab95af515062e49516c428d2e435414685e552d6de0
Size

272KB
Sample

220919-tnrk9sbhgj
MD5

9a5a1455b7d3963fed90424a5ac5dda6
SHA1

d38c801bb48b9e084404c06bbd441813dc214465
SHA256

ea934dba73517752e0bffab95af515062e49516c428d2e435414685e552d6de0
SHA512

2ab6835e90fa1df5efafa5cc2dc7c55b4ad98003131a177d23771119092895140c39338645c9012a2829c74714043b1ebf8bd973a0fec2d24ac81d536f0faabf
SSDEEP

6144:70GUqscfRLIHbslykKuqi7kKWifFp5ZT0Avo:YGBVflGbslJvqiQKnD5R0Avo

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ea934dba73517752e0bffab95af515062e49516c428d2e435414685e552d6de0
- Size
  
  272KB
- MD5
  
  9a5a1455b7d3963fed90424a5ac5dda6
- SHA1
  
  d38c801bb48b9e084404c06bbd441813dc214465
- SHA256
  
  ea934dba73517752e0bffab95af515062e49516c428d2e435414685e552d6de0
- SHA512
  
  2ab6835e90fa1df5efafa5cc2dc7c55b4ad98003131a177d23771119092895140c39338645c9012a2829c74714043b1ebf8bd973a0fec2d24ac81d536f0faabf
- SSDEEP
  
  6144:70GUqscfRLIHbslykKuqi7kKWifFp5ZT0Avo:YGBVflGbslJvqiQKnD5R0Avo
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2