201eda697f3c0a2bc732ee572240db5ee00e659f32ceab34d70f5adb56c37be6 | Triage

Sharing

General

Target

201eda697f3c0a2bc732ee572240db5ee00e659f32ceab34d70f5adb56c37be6
Size

206KB
Sample

221122-lrxbxshc22
MD5

397274aa8167c58ef72f28bc03351a43
SHA1

bea78819e92c222e5a7e92d36d40176714d46d06
SHA256

201eda697f3c0a2bc732ee572240db5ee00e659f32ceab34d70f5adb56c37be6
SHA512

203f549f1f617be8261ae8d4189bba3fef359b3e2e1f00a28bf61b33a1d2ccd6c5931e58167956212d6169b4156b2a9f6493cbfa653f7170fff86316d2e60221
SSDEEP

3072:5wxVMhOC/dTDbq91+mno3t4QZQ3raVsNT+s+YNRXA5ZqpyTfbP:5TfFDbRnOTraya5YNRwCyLbP

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  201eda697f3c0a2bc732ee572240db5ee00e659f32ceab34d70f5adb56c37be6
- Size
  
  206KB
- MD5
  
  397274aa8167c58ef72f28bc03351a43
- SHA1
  
  bea78819e92c222e5a7e92d36d40176714d46d06
- SHA256
  
  201eda697f3c0a2bc732ee572240db5ee00e659f32ceab34d70f5adb56c37be6
- SHA512
  
  203f549f1f617be8261ae8d4189bba3fef359b3e2e1f00a28bf61b33a1d2ccd6c5931e58167956212d6169b4156b2a9f6493cbfa653f7170fff86316d2e60221
- SSDEEP
  
  3072:5wxVMhOC/dTDbq91+mno3t4QZQ3raVsNT+s+YNRXA5ZqpyTfbP:5TfFDbRnOTraya5YNRwCyLbP
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2