66e1f900ed8878fc6c11e84c3c75d0fc6efe6e83408427d4454e52cd664002e7 | Triage

Sharing

General

Target

66e1f900ed8878fc6c11e84c3c75d0fc6efe6e83408427d4454e52cd664002e7
Size

48KB
Sample

221020-gtsdjagghq
MD5

776967505dde899169b6b19bd00ad240
SHA1

1fc9e2c0ce9294e268055db4e91962efd85cf575
SHA256

66e1f900ed8878fc6c11e84c3c75d0fc6efe6e83408427d4454e52cd664002e7
SHA512

20f7cf3ff79a60e2c6fc27ba7dde3a86ccb0f297cd2884af1d9eec11636c3bad345f79136ed3eb79788ad117ae354bc170c1d360e1fb3b907f3a18e7a4109a4a
SSDEEP

1536:mrPKVrZ8A1zBMx84USXZEIo8/Wfsg3Tt2l:mrPKVZzMKAWfHh2l

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  66e1f900ed8878fc6c11e84c3c75d0fc6efe6e83408427d4454e52cd664002e7
- Size
  
  48KB
- MD5
  
  776967505dde899169b6b19bd00ad240
- SHA1
  
  1fc9e2c0ce9294e268055db4e91962efd85cf575
- SHA256
  
  66e1f900ed8878fc6c11e84c3c75d0fc6efe6e83408427d4454e52cd664002e7
- SHA512
  
  20f7cf3ff79a60e2c6fc27ba7dde3a86ccb0f297cd2884af1d9eec11636c3bad345f79136ed3eb79788ad117ae354bc170c1d360e1fb3b907f3a18e7a4109a4a
- SSDEEP
  
  1536:mrPKVrZ8A1zBMx84USXZEIo8/Wfsg3Tt2l:mrPKVZzMKAWfHh2l
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2