295ede609766eb3431a060e3fb5f04e47297f61b1eb85841f3c35cf6bcfd1620 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

295ede609766eb3431a060e3fb5f04e47297f61b1eb85841f3c35cf6bcfd1620
Size

224KB
Sample

221029-yherqsdban
MD5

a3aab09a5e542cdd663d7eca6e3ef410
SHA1

531eb65e3aa9ebf7ea154c6a763ace02228667ea
SHA256

295ede609766eb3431a060e3fb5f04e47297f61b1eb85841f3c35cf6bcfd1620
SHA512

eab5cdc87677c19fbb81b231c2a403966607fb575418ab76102406c53a279fe68f5a75359d56dec0b62735bec3c80941ffdb8053c9099e55518b68be137b4ea0
SSDEEP

3072:G8BH1KJW1r1qOyhCjG8G3GbGVGBGfGuGxGWYcrf6Kad0:G8BH8JiqOyAYcD6Kad

Score

8^/10

Malware Config

Targets

- Target
  
  295ede609766eb3431a060e3fb5f04e47297f61b1eb85841f3c35cf6bcfd1620
- Size
  
  224KB
- MD5
  
  a3aab09a5e542cdd663d7eca6e3ef410
- SHA1
  
  531eb65e3aa9ebf7ea154c6a763ace02228667ea
- SHA256
  
  295ede609766eb3431a060e3fb5f04e47297f61b1eb85841f3c35cf6bcfd1620
- SHA512
  
  eab5cdc87677c19fbb81b231c2a403966607fb575418ab76102406c53a279fe68f5a75359d56dec0b62735bec3c80941ffdb8053c9099e55518b68be137b4ea0
- SSDEEP
  
  3072:G8BH1KJW1r1qOyhCjG8G3GbGVGBGfGuGxGWYcrf6Kad0:G8BH8JiqOyAYcD6Kad
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2