5bafba20ad4bf6a6827b2c89a5b74606d00b7d380f9fff7d469d4b52c5be4875 | Triage

Sharing

General

Target

5bafba20ad4bf6a6827b2c89a5b74606d00b7d380f9fff7d469d4b52c5be4875
Size

175KB
Sample

221002-qn72gaabgm
MD5

70e0555942ba10a8f3ba85e7d6db6c7d
SHA1

1ab5a309486943ab79f1e2f647a1d4228c0ce8d1
SHA256

5bafba20ad4bf6a6827b2c89a5b74606d00b7d380f9fff7d469d4b52c5be4875
SHA512

c853f908df99c4e4cef1d0201379ab46304e6bd8a1ae9713bd2155fd4ec72d1a045f38bba4cffd9907ec2f7939766ae162b343bb29db2eba8584593788b308bf
SSDEEP

3072:NDSIG7qC3VkybSE5Vgjh9I+z1QBVOo8b33CnkBlyvDMCCAnJXzv4+cj631PvG5xy:hGlkVE5VgDDS2Sn6lyv/JL4gPvG6

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5bafba20ad4bf6a6827b2c89a5b74606d00b7d380f9fff7d469d4b52c5be4875
- Size
  
  175KB
- MD5
  
  70e0555942ba10a8f3ba85e7d6db6c7d
- SHA1
  
  1ab5a309486943ab79f1e2f647a1d4228c0ce8d1
- SHA256
  
  5bafba20ad4bf6a6827b2c89a5b74606d00b7d380f9fff7d469d4b52c5be4875
- SHA512
  
  c853f908df99c4e4cef1d0201379ab46304e6bd8a1ae9713bd2155fd4ec72d1a045f38bba4cffd9907ec2f7939766ae162b343bb29db2eba8584593788b308bf
- SSDEEP
  
  3072:NDSIG7qC3VkybSE5Vgjh9I+z1QBVOo8b33CnkBlyvDMCCAnJXzv4+cj631PvG5xy:hGlkVE5VgDDS2Sn6lyv/JL4gPvG6
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2