bc7a737daa1c86a9abe55f24c38a01b8a6615015c59ed8f4201b1fa0d151147e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc7a737daa1c86a9abe55f24c38a01b8a6615015c59ed8f4201b1fa0d151147e
Size

255KB
Sample

221029-db1emshdb9
MD5

f5e2fa0dffc3a1243a722ead483bcd62
SHA1

72fa77ff03d8ceb6eb1f576214cbd4ca88064d62
SHA256

bc7a737daa1c86a9abe55f24c38a01b8a6615015c59ed8f4201b1fa0d151147e
SHA512

a1025f7707e272fa60c4d0374cd56fa68c27e675b17a0b0d1ce0b02a8dee79ea7de38dac6af5a3381cf57a1ba048a876734bba535f39b51a2a7968b5b53db5dc
SSDEEP

6144:WoNd7FGge1j67zCBPx2gkCc7fskdSq39Rj:W+7nMqCXFLuf/Sm

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bc7a737daa1c86a9abe55f24c38a01b8a6615015c59ed8f4201b1fa0d151147e
- Size
  
  255KB
- MD5
  
  f5e2fa0dffc3a1243a722ead483bcd62
- SHA1
  
  72fa77ff03d8ceb6eb1f576214cbd4ca88064d62
- SHA256
  
  bc7a737daa1c86a9abe55f24c38a01b8a6615015c59ed8f4201b1fa0d151147e
- SHA512
  
  a1025f7707e272fa60c4d0374cd56fa68c27e675b17a0b0d1ce0b02a8dee79ea7de38dac6af5a3381cf57a1ba048a876734bba535f39b51a2a7968b5b53db5dc
- SSDEEP
  
  6144:WoNd7FGge1j67zCBPx2gkCc7fskdSq39Rj:W+7nMqCXFLuf/Sm
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2