eaf88aaa9f7adf0c8dc9054eddc35fa9c1681823e6d9486a536ba4c73cadb104 | Triage

Sharing

General

Target

eaf88aaa9f7adf0c8dc9054eddc35fa9c1681823e6d9486a536ba4c73cadb104
Size

36KB
Sample

221004-e4z51sccc9
MD5

5714cbdcc9fcc0902078e3e00f6f8318
SHA1

b7c46bc7ae6b6d2ca61ab4172bf106f0a3a42480
SHA256

eaf88aaa9f7adf0c8dc9054eddc35fa9c1681823e6d9486a536ba4c73cadb104
SHA512

3cf729d8ee5bc668d40ae38490b8939fdb41b0fa579d3d2961969e9f3e68a825bb1bf113495fbcab0271a003fbfcfcb0438ddc20713807f550cc5d5c4ac0e549
SSDEEP

384:fsjcZTurRgiI+pDU68x1kE1h8GImYJMGkvvGd23AcYCthUnFK+RLW7FJDlKNAUCr:1ZTEgiTDUaF4K33CXUFOknm

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  eaf88aaa9f7adf0c8dc9054eddc35fa9c1681823e6d9486a536ba4c73cadb104
- Size
  
  36KB
- MD5
  
  5714cbdcc9fcc0902078e3e00f6f8318
- SHA1
  
  b7c46bc7ae6b6d2ca61ab4172bf106f0a3a42480
- SHA256
  
  eaf88aaa9f7adf0c8dc9054eddc35fa9c1681823e6d9486a536ba4c73cadb104
- SHA512
  
  3cf729d8ee5bc668d40ae38490b8939fdb41b0fa579d3d2961969e9f3e68a825bb1bf113495fbcab0271a003fbfcfcb0438ddc20713807f550cc5d5c4ac0e549
- SSDEEP
  
  384:fsjcZTurRgiI+pDU68x1kE1h8GImYJMGkvvGd23AcYCthUnFK+RLW7FJDlKNAUCr:1ZTEgiTDUaF4K33CXUFOknm
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2