a89f354a594c498b39a45539288f641a2742537db1530f14acfde54ca786f0e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a89f354a594c498b39a45539288f641a2742537db1530f14acfde54ca786f0e3
Size

530KB
Sample

221002-14gjkacgg7
MD5

714bf03a373b39e4ed6ec62a0731f7a8
SHA1

3ef9aa6898e89eaeadc7ed71dd30cbb9d33b820c
SHA256

a89f354a594c498b39a45539288f641a2742537db1530f14acfde54ca786f0e3
SHA512

4668f67f94c77f3c02a647b2b26b133953c2ee8c0b47a0d8995d59d7fd34d2a3ad95762370eeb284de83a30e43cf0d7383138c6cd521b986665887bbc9ca730c
SSDEEP

12288:dtnxKsV0NmYbdGgj28pBvlmNfbLwMuv0g4X390vfmhEc3rY:dtnMSYbdGgjpk5Bu8HtufmhBc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a89f354a594c498b39a45539288f641a2742537db1530f14acfde54ca786f0e3
- Size
  
  530KB
- MD5
  
  714bf03a373b39e4ed6ec62a0731f7a8
- SHA1
  
  3ef9aa6898e89eaeadc7ed71dd30cbb9d33b820c
- SHA256
  
  a89f354a594c498b39a45539288f641a2742537db1530f14acfde54ca786f0e3
- SHA512
  
  4668f67f94c77f3c02a647b2b26b133953c2ee8c0b47a0d8995d59d7fd34d2a3ad95762370eeb284de83a30e43cf0d7383138c6cd521b986665887bbc9ca730c
- SSDEEP
  
  12288:dtnxKsV0NmYbdGgj28pBvlmNfbLwMuv0g4X390vfmhEc3rY:dtnMSYbdGgjpk5Bu8HtufmhBc
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2