5808c7e62dce46fa071c6db60dc3e18ffe78ca6035ea538e1230c81a112b8e80 | Triage

Sharing

General

Target

5808c7e62dce46fa071c6db60dc3e18ffe78ca6035ea538e1230c81a112b8e80
Size

17KB
Sample

221106-epynmsedcm
MD5

1f3a92a87e03e84dee8266ca655ec15c
SHA1

81525b632d6762923141b288e370c94d1cddb3be
SHA256

5808c7e62dce46fa071c6db60dc3e18ffe78ca6035ea538e1230c81a112b8e80
SHA512

23881d3003b7919f5604bf31ff2cc3d335371f54db014f64040e25d8b7811780c64eb8342860bc71a512e54e3290a4fb4b0a6b7765bd3302e4b77e3dec535aef
SSDEEP

384:rvj7yr5Ev6WP3nutQ5+cG5OTCOspuqGGFlIbx8AQBkSi60AtLcT5APtBKhKmh:rvKrVc3+QI9pzllaOhtIT5AVBKhK8

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  5808c7e62dce46fa071c6db60dc3e18ffe78ca6035ea538e1230c81a112b8e80
- Size
  
  17KB
- MD5
  
  1f3a92a87e03e84dee8266ca655ec15c
- SHA1
  
  81525b632d6762923141b288e370c94d1cddb3be
- SHA256
  
  5808c7e62dce46fa071c6db60dc3e18ffe78ca6035ea538e1230c81a112b8e80
- SHA512
  
  23881d3003b7919f5604bf31ff2cc3d335371f54db014f64040e25d8b7811780c64eb8342860bc71a512e54e3290a4fb4b0a6b7765bd3302e4b77e3dec535aef
- SSDEEP
  
  384:rvj7yr5Ev6WP3nutQ5+cG5OTCOspuqGGFlIbx8AQBkSi60AtLcT5APtBKhKmh:rvKrVc3+QI9pzllaOhtIT5AVBKhK8
Score

8^/10

persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2