bd54e20c45f5fe1ceec257f805da77a0e99b5198acc56ca0f333a5be855dfddc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd54e20c45f5fe1ceec257f805da77a0e99b5198acc56ca0f333a5be855dfddc
Size

184KB
Sample

221004-ev7hqsbhg3
MD5

2a7030368f120cdbc07d06b98fffe705
SHA1

d69b10fe4eb352f845018d8e405783b6cfeeb615
SHA256

bd54e20c45f5fe1ceec257f805da77a0e99b5198acc56ca0f333a5be855dfddc
SHA512

889e46a73f0ef2c2e7bcce8c5d9f1b345ce98701e1dc6ed2dc5b7c1761fece211ba4bcea0caaeee41acf08e7d4ce27304c707e39187cc2b4a9ee6a6c5e96b278
SSDEEP

3072:gro4fDTDfGH5bIO2wC2MJ1UOEbX8/+BsO8OQlkzvYISIKC7z/m+tDc8CCtz1Z6:grPfDf4CuO9hsQlMgY2+t718

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bd54e20c45f5fe1ceec257f805da77a0e99b5198acc56ca0f333a5be855dfddc
- Size
  
  184KB
- MD5
  
  2a7030368f120cdbc07d06b98fffe705
- SHA1
  
  d69b10fe4eb352f845018d8e405783b6cfeeb615
- SHA256
  
  bd54e20c45f5fe1ceec257f805da77a0e99b5198acc56ca0f333a5be855dfddc
- SHA512
  
  889e46a73f0ef2c2e7bcce8c5d9f1b345ce98701e1dc6ed2dc5b7c1761fece211ba4bcea0caaeee41acf08e7d4ce27304c707e39187cc2b4a9ee6a6c5e96b278
- SSDEEP
  
  3072:gro4fDTDfGH5bIO2wC2MJ1UOEbX8/+BsO8OQlkzvYISIKC7z/m+tDc8CCtz1Z6:grPfDf4CuO9hsQlMgY2+t718
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2