5d818890f85636d428ad2e9a94a80e733ca393938092c0ecdb6fdef701ddc38d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d818890f85636d428ad2e9a94a80e733ca393938092c0ecdb6fdef701ddc38d
Size

104KB
Sample

221030-zr56qabeaj
MD5

a249667ce0de850ad2db703134a3a4fa
SHA1

a48804e445e601f492fe0c2f55131697599f8b76
SHA256

5d818890f85636d428ad2e9a94a80e733ca393938092c0ecdb6fdef701ddc38d
SHA512

c048769be765a29a4a9e9e5e20c900ace96b048f78d363018064f8eda2651f68edd6f6cfaa088ca6a869dd359b3f719118279164536a35e7b43b49a49271b636
SSDEEP

384:/KqJ6dvSzb++QBP9hduYGARiCpdm7r4dwUCG+eMY1eKnI2CTq1hPWUZt0w0sD6iW:ihdvw+9BVxRiyJsVBuvI2kv

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5d818890f85636d428ad2e9a94a80e733ca393938092c0ecdb6fdef701ddc38d
- Size
  
  104KB
- MD5
  
  a249667ce0de850ad2db703134a3a4fa
- SHA1
  
  a48804e445e601f492fe0c2f55131697599f8b76
- SHA256
  
  5d818890f85636d428ad2e9a94a80e733ca393938092c0ecdb6fdef701ddc38d
- SHA512
  
  c048769be765a29a4a9e9e5e20c900ace96b048f78d363018064f8eda2651f68edd6f6cfaa088ca6a869dd359b3f719118279164536a35e7b43b49a49271b636
- SSDEEP
  
  384:/KqJ6dvSzb++QBP9hduYGARiCpdm7r4dwUCG+eMY1eKnI2CTq1hPWUZt0w0sD6iW:ihdvw+9BVxRiyJsVBuvI2kv
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2