21813e7f14561c7e3580a013df4dfa47ba4fcebbb8c5fe9b61eab8f891cf28bf | Triage

Sharing

General

Target

21813e7f14561c7e3580a013df4dfa47ba4fcebbb8c5fe9b61eab8f891cf28bf
Size

53KB
Sample

221030-rcwdzadec5
MD5

a3b6c66325e4dc4d50d144f558f37b50
SHA1

5e7cbc7f1c0f19a061059a972aabaf7647be43a9
SHA256

21813e7f14561c7e3580a013df4dfa47ba4fcebbb8c5fe9b61eab8f891cf28bf
SHA512

ed372fcdd448ac358919980c61d0a10545a45c15962632aeb1844668e7e83871ef9da925f9a87b6058f12b870de28e539c522b1cb77276bc8ee5bb214f39a745
SSDEEP

1536:ArMJHdrwV7lD/H70jNIDcY6ZPbPOSTSB0KwyubIm:X9h0t/QBIIM0KwfIm

Score

8^/10

Malware Config

Targets

- Target
  
  21813e7f14561c7e3580a013df4dfa47ba4fcebbb8c5fe9b61eab8f891cf28bf
- Size
  
  53KB
- MD5
  
  a3b6c66325e4dc4d50d144f558f37b50
- SHA1
  
  5e7cbc7f1c0f19a061059a972aabaf7647be43a9
- SHA256
  
  21813e7f14561c7e3580a013df4dfa47ba4fcebbb8c5fe9b61eab8f891cf28bf
- SHA512
  
  ed372fcdd448ac358919980c61d0a10545a45c15962632aeb1844668e7e83871ef9da925f9a87b6058f12b870de28e539c522b1cb77276bc8ee5bb214f39a745
- SSDEEP
  
  1536:ArMJHdrwV7lD/H70jNIDcY6ZPbPOSTSB0KwyubIm:X9h0t/QBIIM0KwfIm
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2