085a9a7b49fdf4c755ee901db57c45b8701a59ff41a09cf8a64dcd38c9427a77 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

085a9a7b49fdf4c755ee901db57c45b8701a59ff41a09cf8a64dcd38c9427a77
Size

272KB
Sample

221002-ldxersaean
MD5

67d24324016c87757fc16492a006a130
SHA1

b82edc17e5c75f5858614439e3c713db95783ae7
SHA256

085a9a7b49fdf4c755ee901db57c45b8701a59ff41a09cf8a64dcd38c9427a77
SHA512

2aa361454ad6fc7ae337106150675fbfedae6cf3a8080ba761eb73e2e54ad22e37d9d28ca9a23c1ba8ad9314a71bd6412a5811d3ee86bb7a7b29443dee680d3b
SSDEEP

6144:2GqtMAGDrVlcSjUdymn7bug1hASdnoz6Za6uDRrqx:2QAGDrV9MbNhJdcDAx

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  085a9a7b49fdf4c755ee901db57c45b8701a59ff41a09cf8a64dcd38c9427a77
- Size
  
  272KB
- MD5
  
  67d24324016c87757fc16492a006a130
- SHA1
  
  b82edc17e5c75f5858614439e3c713db95783ae7
- SHA256
  
  085a9a7b49fdf4c755ee901db57c45b8701a59ff41a09cf8a64dcd38c9427a77
- SHA512
  
  2aa361454ad6fc7ae337106150675fbfedae6cf3a8080ba761eb73e2e54ad22e37d9d28ca9a23c1ba8ad9314a71bd6412a5811d3ee86bb7a7b29443dee680d3b
- SSDEEP
  
  6144:2GqtMAGDrVlcSjUdymn7bug1hASdnoz6Za6uDRrqx:2QAGDrV9MbNhJdcDAx
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2