54db64a84496755b91d94c070eea3ce26459ca2213242a6248e3704c44a11934 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54db64a84496755b91d94c070eea3ce26459ca2213242a6248e3704c44a11934
Size

33KB
Sample

221019-ss397adhek
MD5

92509af9b7a485ad0d9384e335b98760
SHA1

57eecbf4dca080971b143f731242b63c2b003e27
SHA256

54db64a84496755b91d94c070eea3ce26459ca2213242a6248e3704c44a11934
SHA512

63ea72155764e9ccc331a0eb25f51189151eb7667c28b1b8c29e60504bc6e128e0e0f032d299c4ba0eea26365218c160ebebfa767e79bf17c0c104701f5eb560
SSDEEP

384:8ILsbCRufBonxlSru+kSBPi+8mKFLRoEjGsbiZOLT9npzl+1PZ0n5yf1kzauvkfn:3sQeonOxkSB0FdoXsVpMhiau8fn

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  54db64a84496755b91d94c070eea3ce26459ca2213242a6248e3704c44a11934
- Size
  
  33KB
- MD5
  
  92509af9b7a485ad0d9384e335b98760
- SHA1
  
  57eecbf4dca080971b143f731242b63c2b003e27
- SHA256
  
  54db64a84496755b91d94c070eea3ce26459ca2213242a6248e3704c44a11934
- SHA512
  
  63ea72155764e9ccc331a0eb25f51189151eb7667c28b1b8c29e60504bc6e128e0e0f032d299c4ba0eea26365218c160ebebfa767e79bf17c0c104701f5eb560
- SSDEEP
  
  384:8ILsbCRufBonxlSru+kSBPi+8mKFLRoEjGsbiZOLT9npzl+1PZ0n5yf1kzauvkfn:3sQeonOxkSB0FdoXsVpMhiau8fn
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2