e55c30cda3620ec63f9c24d4bb0e8959a46b4a0f39934a1cfd9d458ae75972f8 | Triage

Resubmissions

19/10/2022, 08:30

221019-kd4y6sfba3 7

19/10/2022, 08:13

221019-j4xgcafag2 7

Sharing

Copy URL Twitter E-mail

General

Target

Ziraat+Bankasi+Swift+Mesaji.img
Size

246KB
Sample

221019-kd4y6sfba3
MD5

1d528fd9b102eb1c97005caf7ef3157a
SHA1

6fba390547f84b2ffb1dfb4ea3fc9252f2d1182c
SHA256

e55c30cda3620ec63f9c24d4bb0e8959a46b4a0f39934a1cfd9d458ae75972f8
SHA512

531065492fe81229ee8679bb8a99cd729bd0c5d3cb30966f9157aa5c3a24ac99eae0d42c4f66b113fab855fb5986091dc998533296a755f5d619bf3c8128db41
SSDEEP

768:oxfWnhObkAApSu3oiIDNzeJku9vx/SF5Mbd0oC3d4OoxnrKcSnYRJ:Rnkbq

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  sandy.exe
- Size
  
  195KB
- MD5
  
  720971089e8f4292320aa9dd28a23aa5
- SHA1
  
  54f9f9e88cd6791911608a191274ed6bb52bc4cf
- SHA256
  
  f695fb16617b13ad13327d89c181f68fbfee6a23b09b85db7339637b0da8e197
- SHA512
  
  8a4b647a5155f795797836db66de7e7247bfbb5fc9bff9e9101e89f0ef8faa403f21b89c0943761b73c7fda09eb1442dd4d5008a18fe2c2d394e1c81a9b8fa2b
- SSDEEP
  
  768:AxfWnhObkAApSu3oiIDNzeJku9vx/SF5Mbd0oC3d4OoxnrKcSnYRJ:5nkbq
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2