528e78c97c1eb86221dd90f194904bbac0150f70fedbddceceead29035146758 | Triage

Sharing

General

Target

528e78c97c1eb86221dd90f194904bbac0150f70fedbddceceead29035146758
Size

261KB
Sample

221107-qbx1qsggf9
MD5

06ab7ad50e3130d30399b01fac4e35b0
SHA1

59dba12cf943fb4f8026335b09d90f067ea5d3ad
SHA256

528e78c97c1eb86221dd90f194904bbac0150f70fedbddceceead29035146758
SHA512

bb737d79f9a55edc18a59c44017f6a3843f8fb2aa5f39f59e1ca2b7a6366323f8e5a2010fa17647401f3431057765e1c68a8685a6b84f19eec0b749affa216d4
SSDEEP

6144:KhRKv5LKnNthKb1UJBDcDwhp4bmW5iFjgMYHtmxwDwoz0YlTL:+0LKNo1qaAp4bhoFZYH5wy08

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  528e78c97c1eb86221dd90f194904bbac0150f70fedbddceceead29035146758
- Size
  
  261KB
- MD5
  
  06ab7ad50e3130d30399b01fac4e35b0
- SHA1
  
  59dba12cf943fb4f8026335b09d90f067ea5d3ad
- SHA256
  
  528e78c97c1eb86221dd90f194904bbac0150f70fedbddceceead29035146758
- SHA512
  
  bb737d79f9a55edc18a59c44017f6a3843f8fb2aa5f39f59e1ca2b7a6366323f8e5a2010fa17647401f3431057765e1c68a8685a6b84f19eec0b749affa216d4
- SSDEEP
  
  6144:KhRKv5LKnNthKb1UJBDcDwhp4bmW5iFjgMYHtmxwDwoz0YlTL:+0LKNo1qaAp4bhoFZYH5wy08
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2