026ececad2b36cc6ec7847bf7882248a62083d85bd138d72b7bc64f959f4932d | Triage

Sharing

General

Target

026ececad2b36cc6ec7847bf7882248a62083d85bd138d72b7bc64f959f4932d
Size

36KB
Sample

221014-k84xnaghem
MD5

660fdcbd1827080e4d5445c74bf3a770
SHA1

2f6181e9ec2ebbb1a26198abdb472cad766bf230
SHA256

026ececad2b36cc6ec7847bf7882248a62083d85bd138d72b7bc64f959f4932d
SHA512

bce5c5e7d825f68ad990efdece42f148553a379330b7f67cad93c87d5726ef42d0c8df0be5b6244e356c3187200a4e2d8d067ddb15b5dc4b581f4c7181300191
SSDEEP

768:6tNXugDzEwO8UlhS9VWhOFcrX6T7f7EGvMhpfg/nSb/cN5X7fK50WVGd5/N:12vqWqcXXbK5/2/N

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  026ececad2b36cc6ec7847bf7882248a62083d85bd138d72b7bc64f959f4932d
- Size
  
  36KB
- MD5
  
  660fdcbd1827080e4d5445c74bf3a770
- SHA1
  
  2f6181e9ec2ebbb1a26198abdb472cad766bf230
- SHA256
  
  026ececad2b36cc6ec7847bf7882248a62083d85bd138d72b7bc64f959f4932d
- SHA512
  
  bce5c5e7d825f68ad990efdece42f148553a379330b7f67cad93c87d5726ef42d0c8df0be5b6244e356c3187200a4e2d8d067ddb15b5dc4b581f4c7181300191
- SSDEEP
  
  768:6tNXugDzEwO8UlhS9VWhOFcrX6T7f7EGvMhpfg/nSb/cN5X7fK50WVGd5/N:12vqWqcXXbK5/2/N
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2