a6a996e6ed5a5760ad3120b2f9d2e3697386742ebd9a7e8ebf57f47b2ecb0140 | Triage

Sharing

General

Target

a6a996e6ed5a5760ad3120b2f9d2e3697386742ebd9a7e8ebf57f47b2ecb0140
Size

392KB
Sample

221019-s7ekdaefcl
MD5

90bbd08a32bbb6f857921c5fdce88400
SHA1

604a969183d18d2e5b285746576110acfedfa263
SHA256

a6a996e6ed5a5760ad3120b2f9d2e3697386742ebd9a7e8ebf57f47b2ecb0140
SHA512

174712a4303d0dcf1d1b77e2e08ff978c23b11f82ac1f83e7550f3d12f666ed427c0b843c987ae22002eae34f09de9a5891eaac0a175e2fd7964783d7062e600
SSDEEP

12288:Ct8vVED3Bk0Mr9Vif7/F1hIIaYHuvAIS2r:Ct+gvMpVij/F1hV5HuvAIR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a6a996e6ed5a5760ad3120b2f9d2e3697386742ebd9a7e8ebf57f47b2ecb0140
- Size
  
  392KB
- MD5
  
  90bbd08a32bbb6f857921c5fdce88400
- SHA1
  
  604a969183d18d2e5b285746576110acfedfa263
- SHA256
  
  a6a996e6ed5a5760ad3120b2f9d2e3697386742ebd9a7e8ebf57f47b2ecb0140
- SHA512
  
  174712a4303d0dcf1d1b77e2e08ff978c23b11f82ac1f83e7550f3d12f666ed427c0b843c987ae22002eae34f09de9a5891eaac0a175e2fd7964783d7062e600
- SSDEEP
  
  12288:Ct8vVED3Bk0Mr9Vif7/F1hIIaYHuvAIS2r:Ct+gvMpVij/F1hV5HuvAIR
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2