9590a2e5e7e1e64f86bbd131e3b4aefeafd64a350ff4995b5e3f45d6bf4fc472 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9590a2e5e7e1e64f86bbd131e3b4aefeafd64a350ff4995b5e3f45d6bf4fc472
Size

356KB
Sample

221003-h8391sdbb7
MD5

67a35530a7cb9f7e1fa33c5f4ec8a5e0
SHA1

9d3bdc0d573e3147993558433601b787cb6d41fc
SHA256

9590a2e5e7e1e64f86bbd131e3b4aefeafd64a350ff4995b5e3f45d6bf4fc472
SHA512

5f845b8218239bd17497977ad276f993b27e173af0afe3c4cec98828a0a88872ab2234263151c2858f9c65a98ad40621ebfaed5a32a9787fb403eca96c0e60aa
SSDEEP

6144:5GKOnL6TBKoMccwFYo2ac7823e4/YDhrXqgqCWqvwY6Cl/ZBlM5Qhi5:5GKOnAPMVwaD/PKrXqAWqvdBBlM5QA

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  9590a2e5e7e1e64f86bbd131e3b4aefeafd64a350ff4995b5e3f45d6bf4fc472
- Size
  
  356KB
- MD5
  
  67a35530a7cb9f7e1fa33c5f4ec8a5e0
- SHA1
  
  9d3bdc0d573e3147993558433601b787cb6d41fc
- SHA256
  
  9590a2e5e7e1e64f86bbd131e3b4aefeafd64a350ff4995b5e3f45d6bf4fc472
- SHA512
  
  5f845b8218239bd17497977ad276f993b27e173af0afe3c4cec98828a0a88872ab2234263151c2858f9c65a98ad40621ebfaed5a32a9787fb403eca96c0e60aa
- SSDEEP
  
  6144:5GKOnL6TBKoMccwFYo2ac7823e4/YDhrXqgqCWqvwY6Cl/ZBlM5Qhi5:5GKOnAPMVwaD/PKrXqAWqvdBBlM5QA
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2