a26ff0a5d5e20be741d6b6470bd4a08e25a0b4f844ce223979f04259bdd7a40a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a26ff0a5d5e20be741d6b6470bd4a08e25a0b4f844ce223979f04259bdd7a40a
Size

465KB
Sample

221030-gbt5eaebh5
MD5

92747180802f8e11183e00c86fe26a28
SHA1

5988d15adee8438652cb7e5b55d534bf294de179
SHA256

a26ff0a5d5e20be741d6b6470bd4a08e25a0b4f844ce223979f04259bdd7a40a
SHA512

2508ba734dcd792ccc0b4a8af2faf95c699191497e4f6261c5651b7c373324aefec78525f9db167efd117d138bcd4bc4faadc2dddddd5af38149fd19951986ec
SSDEEP

12288:sutrzh9xOXkPLd+jxWLlPgb2Suu208gSDyE0QVFMVxJ2u1n:sutr5OUPL6mlg2ZxgSDD1V2VDJ1n

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a26ff0a5d5e20be741d6b6470bd4a08e25a0b4f844ce223979f04259bdd7a40a
- Size
  
  465KB
- MD5
  
  92747180802f8e11183e00c86fe26a28
- SHA1
  
  5988d15adee8438652cb7e5b55d534bf294de179
- SHA256
  
  a26ff0a5d5e20be741d6b6470bd4a08e25a0b4f844ce223979f04259bdd7a40a
- SHA512
  
  2508ba734dcd792ccc0b4a8af2faf95c699191497e4f6261c5651b7c373324aefec78525f9db167efd117d138bcd4bc4faadc2dddddd5af38149fd19951986ec
- SSDEEP
  
  12288:sutrzh9xOXkPLd+jxWLlPgb2Suu208gSDyE0QVFMVxJ2u1n:sutr5OUPL6mlg2ZxgSDD1V2VDJ1n
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2