972241983ad67d45a3dd1dbf49cf9dbb0a5d890d9e0671acf8007f55a75fb06d | Triage

Sharing

General

Target

972241983ad67d45a3dd1dbf49cf9dbb0a5d890d9e0671acf8007f55a75fb06d
Size

176KB
Sample

221107-nqerlagcan
MD5

0eb844d70381ed27c1da096ceb766fca
SHA1

c79e64a380f629115cf724fd4234c7e40c7add02
SHA256

972241983ad67d45a3dd1dbf49cf9dbb0a5d890d9e0671acf8007f55a75fb06d
SHA512

69f7146f27e40dcd199d2ba52a9b6c073de0262bc3d999d0be1bb357686451fb72cd78c698929e4583d5b382aa569fa15027ce60974d259999bfb374c38d5b49
SSDEEP

3072:+RZy2oewigYI63NNvFNCNZjwQX9P7B+T6rKgaAK2psnd9KiXNbd:IhnNN67Ba6rKgaAK2psndUy

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  972241983ad67d45a3dd1dbf49cf9dbb0a5d890d9e0671acf8007f55a75fb06d
- Size
  
  176KB
- MD5
  
  0eb844d70381ed27c1da096ceb766fca
- SHA1
  
  c79e64a380f629115cf724fd4234c7e40c7add02
- SHA256
  
  972241983ad67d45a3dd1dbf49cf9dbb0a5d890d9e0671acf8007f55a75fb06d
- SHA512
  
  69f7146f27e40dcd199d2ba52a9b6c073de0262bc3d999d0be1bb357686451fb72cd78c698929e4583d5b382aa569fa15027ce60974d259999bfb374c38d5b49
- SSDEEP
  
  3072:+RZy2oewigYI63NNvFNCNZjwQX9P7B+T6rKgaAK2psnd9KiXNbd:IhnNN67Ba6rKgaAK2psndUy
Score

8^/10

persistence
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2