db91984c22f9e6bab9a8637f4b9231155b8dbef1024259da0de03b5274c87a22 | Triage

Sharing

General

Target

db91984c22f9e6bab9a8637f4b9231155b8dbef1024259da0de03b5274c87a22
Size

209KB
Sample

221106-rpbkbshcdr
MD5

0c8cdae0e49a91a4febfcce34f5e68b6
SHA1

54b73015316b1f223c9df4ec992b1ec9e0fee939
SHA256

db91984c22f9e6bab9a8637f4b9231155b8dbef1024259da0de03b5274c87a22
SHA512

61f40e535086cebf600cd7e45b5ada8936a75734677a3af7f2bd60697f64076870793dfef2127e1a08a68b92d7609eb9ef0f8320f462cc59a15ca707d8cb585b
SSDEEP

3072:9mEOmgAseVHLj+77azdRDMigGOEcI2TwrC/crthxWepiHpYOk:9nAAseVHm7aznJJ/2eIJ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  db91984c22f9e6bab9a8637f4b9231155b8dbef1024259da0de03b5274c87a22
- Size
  
  209KB
- MD5
  
  0c8cdae0e49a91a4febfcce34f5e68b6
- SHA1
  
  54b73015316b1f223c9df4ec992b1ec9e0fee939
- SHA256
  
  db91984c22f9e6bab9a8637f4b9231155b8dbef1024259da0de03b5274c87a22
- SHA512
  
  61f40e535086cebf600cd7e45b5ada8936a75734677a3af7f2bd60697f64076870793dfef2127e1a08a68b92d7609eb9ef0f8320f462cc59a15ca707d8cb585b
- SSDEEP
  
  3072:9mEOmgAseVHLj+77azdRDMigGOEcI2TwrC/crthxWepiHpYOk:9nAAseVHm7aznJJ/2eIJ
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2