dba995e6aaa6f389ac6d551a8ae8f2d15674e9b39e66f9b1da7e2b30883c3bc4 | Triage

Sharing

General

Target

dba995e6aaa6f389ac6d551a8ae8f2d15674e9b39e66f9b1da7e2b30883c3bc4
Size

84KB
Sample

221019-1dktashebl
MD5

920169046a9e869b4884037b36aaa559
SHA1

2bd9e76e7aa1c1f6255b489bc45f89b8a01a5093
SHA256

dba995e6aaa6f389ac6d551a8ae8f2d15674e9b39e66f9b1da7e2b30883c3bc4
SHA512

ff75fd2d06093a09ac8e535fc9825817a6b3623fbf2969062bfb34d058477418684b1b57534997c4cb27cbc08ac10309f51ed437845e185d418c342f27466701
SSDEEP

1536:kLXwv8yBPPH/REHv0uBws+Gk06bf4BaUAv9Ffmey81poqGZDt7jx0mD3hiOY5:kDw0QPGP0uyPPL4B1A1FfmeyD311v3s/

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  dba995e6aaa6f389ac6d551a8ae8f2d15674e9b39e66f9b1da7e2b30883c3bc4
- Size
  
  84KB
- MD5
  
  920169046a9e869b4884037b36aaa559
- SHA1
  
  2bd9e76e7aa1c1f6255b489bc45f89b8a01a5093
- SHA256
  
  dba995e6aaa6f389ac6d551a8ae8f2d15674e9b39e66f9b1da7e2b30883c3bc4
- SHA512
  
  ff75fd2d06093a09ac8e535fc9825817a6b3623fbf2969062bfb34d058477418684b1b57534997c4cb27cbc08ac10309f51ed437845e185d418c342f27466701
- SSDEEP
  
  1536:kLXwv8yBPPH/REHv0uBws+Gk06bf4BaUAv9Ffmey81poqGZDt7jx0mD3hiOY5:kDw0QPGP0uyPPL4B1A1FfmeyD311v3s/
Score

8^/10

persistence
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2