7eadf56896bd5a302a74c84a21dadf27db0a7c75529081c7323ff973b7fd7cca | Triage

Sharing

General

Target

7eadf56896bd5a302a74c84a21dadf27db0a7c75529081c7323ff973b7fd7cca
Size

61KB
Sample

220919-vbprkshca6
MD5

df0017f8ba9e652ef57c934522f0a6f6
SHA1

18a5c69f7181f8a960288cd13dc372c5aae8cda7
SHA256

7eadf56896bd5a302a74c84a21dadf27db0a7c75529081c7323ff973b7fd7cca
SHA512

240a92a2e2a1a1c067d7fe3057cdf5f2da7f0bf97da1ee3885d5f3b0999b43e5d36403fc268dffa9d13ff68e95c8bcc5bc23c21f1a12cbc5e947fc8fb9b9c028
SSDEEP

768:rsU+6+bp71WZy4ZCCCDzRn3sNNa+tg9td/mgzLBnZYXYb3B1gIPMQtKxI:AU+6chKybCKp8w+qd/m4Bnec1vP6xI

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7eadf56896bd5a302a74c84a21dadf27db0a7c75529081c7323ff973b7fd7cca
- Size
  
  61KB
- MD5
  
  df0017f8ba9e652ef57c934522f0a6f6
- SHA1
  
  18a5c69f7181f8a960288cd13dc372c5aae8cda7
- SHA256
  
  7eadf56896bd5a302a74c84a21dadf27db0a7c75529081c7323ff973b7fd7cca
- SHA512
  
  240a92a2e2a1a1c067d7fe3057cdf5f2da7f0bf97da1ee3885d5f3b0999b43e5d36403fc268dffa9d13ff68e95c8bcc5bc23c21f1a12cbc5e947fc8fb9b9c028
- SSDEEP
  
  768:rsU+6+bp71WZy4ZCCCDzRn3sNNa+tg9td/mgzLBnZYXYb3B1gIPMQtKxI:AU+6chKybCKp8w+qd/m4Bnec1vP6xI
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2