d3d1b46c3bcb836f01f3a3d77d23ffa2618cffb64f953978a50f3d281ad5dd66 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.iwbo-d3d1b46c3bcb836f01f3a3d77d23ffa2618cffb64f953978a50f3d281ad5dd66
Size

94KB
Sample

221107-fkmagshdh3
MD5

dc6dc4733186aac2aa3ff6c8a4bbe1f0
SHA1

526e635779c781f02ee80e23b58c517e400cab91
SHA256

d3d1b46c3bcb836f01f3a3d77d23ffa2618cffb64f953978a50f3d281ad5dd66
SHA512

dedb7463d8f44a2429e4be8fff8cb4fbb19bfc1796ed62bb77f8198522f771fb8a500fae50af591736590dec2854f755ef63b25d193387c575317fa8613c298a
SSDEEP

1536:Q54R7NkWER9I6BhCUGBf16nMmisfA9yL95o+Uic3qlEzCOMGsPXIUxA0cK:aIqWJUbsHmimcyrOic3rzCOMGoI4A0D

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.iwbo-d3d1b46c3bcb836f01f3a3d77d23ffa2618cffb64f953978a50f3d281ad5dd66
- Size
  
  94KB
- MD5
  
  dc6dc4733186aac2aa3ff6c8a4bbe1f0
- SHA1
  
  526e635779c781f02ee80e23b58c517e400cab91
- SHA256
  
  d3d1b46c3bcb836f01f3a3d77d23ffa2618cffb64f953978a50f3d281ad5dd66
- SHA512
  
  dedb7463d8f44a2429e4be8fff8cb4fbb19bfc1796ed62bb77f8198522f771fb8a500fae50af591736590dec2854f755ef63b25d193387c575317fa8613c298a
- SSDEEP
  
  1536:Q54R7NkWER9I6BhCUGBf16nMmisfA9yL95o+Uic3qlEzCOMGsPXIUxA0cK:aIqWJUbsHmimcyrOic3rzCOMGoI4A0D
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2