1ff55557d41725dc469f2d4ceba020376853c80694c5ce54dfd79d2a415f928f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gamividu.sfx.exe
Size

723KB
Sample

221019-nry7mafda9
MD5

2544c475bc4ae9ad6cbc54fcc6c8c0d6
SHA1

dfe4d16bed72cf9c9b58d46509b7c0d0083782c4
SHA256

1ff55557d41725dc469f2d4ceba020376853c80694c5ce54dfd79d2a415f928f
SHA512

746dbfcacdf64ab3b51d5cc3622a9278cc0c8a6fb91c4f783a28aa84919830f1791d6f54a2f46d7c572c6342a53b511fde79a22f61c71211d7f44228656f4814
SSDEEP

12288:IzxzTDWikLSb4NS7t2X+t40X2C3JawWmKobxjLWPDvbfIO/ylD6J0lak1sKPG0/8:+DWHSb4Nc0fCZyobVL2vhKlm+a6diq+n

Score

8^/10

Malware Config

Targets

- Target
  
  Gamividu.sfx.exe
- Size
  
  723KB
- MD5
  
  2544c475bc4ae9ad6cbc54fcc6c8c0d6
- SHA1
  
  dfe4d16bed72cf9c9b58d46509b7c0d0083782c4
- SHA256
  
  1ff55557d41725dc469f2d4ceba020376853c80694c5ce54dfd79d2a415f928f
- SHA512
  
  746dbfcacdf64ab3b51d5cc3622a9278cc0c8a6fb91c4f783a28aa84919830f1791d6f54a2f46d7c572c6342a53b511fde79a22f61c71211d7f44228656f4814
- SSDEEP
  
  12288:IzxzTDWikLSb4NS7t2X+t40X2C3JawWmKobxjLWPDvbfIO/ylD6J0lak1sKPG0/8:+DWHSb4Nc0fCZyobVL2vhKlm+a6diq+n
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2