461babea862884674941b3a8b6b03e0f9355717e81ea60f89ad5c8f9e195ac78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

461babea862884674941b3a8b6b03e0f9355717e81ea60f89ad5c8f9e195ac78
Size

307KB
Sample

221012-w3zarsfcek
MD5

6a809db0a894a6dc1f6453c47baef1ff
SHA1

2057c211c46d9e4f0674a19935448b0fd31a7afa
SHA256

461babea862884674941b3a8b6b03e0f9355717e81ea60f89ad5c8f9e195ac78
SHA512

bda190b37f0f27f4fd146ce2649837f0b082b581d64c6b5b77a6b7e1506c365e82038c70346c4ac7e66ce35b4d0e6693630e90b5bb63c3df0fe1c8a5479fe232
SSDEEP

6144:4PfifS+J4LgjPOAxoUwqtT2nPgwehhdMh9+dWdP+s:4PqfS+J4Lgj6UhtSowehhah9+wF

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  461babea862884674941b3a8b6b03e0f9355717e81ea60f89ad5c8f9e195ac78
- Size
  
  307KB
- MD5
  
  6a809db0a894a6dc1f6453c47baef1ff
- SHA1
  
  2057c211c46d9e4f0674a19935448b0fd31a7afa
- SHA256
  
  461babea862884674941b3a8b6b03e0f9355717e81ea60f89ad5c8f9e195ac78
- SHA512
  
  bda190b37f0f27f4fd146ce2649837f0b082b581d64c6b5b77a6b7e1506c365e82038c70346c4ac7e66ce35b4d0e6693630e90b5bb63c3df0fe1c8a5479fe232
- SSDEEP
  
  6144:4PfifS+J4LgjPOAxoUwqtT2nPgwehhdMh9+dWdP+s:4PqfS+J4Lgj6UhtSowehhah9+wF
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2