7fb2d36b6657b36bf2d6b4af7c07509e2a008446aa4e6306d601dc5f7de18597 | Triage

Sharing

General

Target

7fb2d36b6657b36bf2d6b4af7c07509e2a008446aa4e6306d601dc5f7de18597
Size

668KB
Sample

221020-fvyfhafda9
MD5

7c89b2be9fa695285b007dd2babb222b
SHA1

b583e8cf78bab75a227e41777f422bdf8d73b204
SHA256

7fb2d36b6657b36bf2d6b4af7c07509e2a008446aa4e6306d601dc5f7de18597
SHA512

68a89220f6344875d9f5860f2f947efe4d53378644e0fe6329662ff509b79196faa383f2388af5ba238ded4b1d13f5cdaa44a88ae66ac67e0055ef9db2a8b65e
SSDEEP

6144:2nWVRlRkrIU2ykH2ipsPnafFlerkb3LrtKt:goRl2rIjXnOitlt3N

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7fb2d36b6657b36bf2d6b4af7c07509e2a008446aa4e6306d601dc5f7de18597
- Size
  
  668KB
- MD5
  
  7c89b2be9fa695285b007dd2babb222b
- SHA1
  
  b583e8cf78bab75a227e41777f422bdf8d73b204
- SHA256
  
  7fb2d36b6657b36bf2d6b4af7c07509e2a008446aa4e6306d601dc5f7de18597
- SHA512
  
  68a89220f6344875d9f5860f2f947efe4d53378644e0fe6329662ff509b79196faa383f2388af5ba238ded4b1d13f5cdaa44a88ae66ac67e0055ef9db2a8b65e
- SSDEEP
  
  6144:2nWVRlRkrIU2ykH2ipsPnafFlerkb3LrtKt:goRl2rIjXnOitlt3N
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2