005bbd1ef3e4d1548ba262f7b75a165d736cc69581d4bfd782197a939c732ea4 | Triage

Sharing

General

Target

005bbd1ef3e4d1548ba262f7b75a165d736cc69581d4bfd782197a939c732ea4
Size

872KB
Sample

221123-xmgapaad8w
MD5

d1aaea7fb88f4bb180607bf35503f1b6
SHA1

e4da9552b4964ca9fbbf7bfd63022a29568c04dd
SHA256

005bbd1ef3e4d1548ba262f7b75a165d736cc69581d4bfd782197a939c732ea4
SHA512

b1f7f89d1bb7c01d55e386ce49ab9bd73888bda43a2f6a117261b5037c8361b1282a450330258b84b1b60c5f4b6176c28232bf4b0a1dd36477a32b996f1a4754
SSDEEP

24576:iWAT8QE+kM7oO2DyDTUV3y89c0LwrHeclcp7C1P+U:iWAI+7v7mc0LwHlcpFU

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  005bbd1ef3e4d1548ba262f7b75a165d736cc69581d4bfd782197a939c732ea4
- Size
  
  872KB
- MD5
  
  d1aaea7fb88f4bb180607bf35503f1b6
- SHA1
  
  e4da9552b4964ca9fbbf7bfd63022a29568c04dd
- SHA256
  
  005bbd1ef3e4d1548ba262f7b75a165d736cc69581d4bfd782197a939c732ea4
- SHA512
  
  b1f7f89d1bb7c01d55e386ce49ab9bd73888bda43a2f6a117261b5037c8361b1282a450330258b84b1b60c5f4b6176c28232bf4b0a1dd36477a32b996f1a4754
- SSDEEP
  
  24576:iWAT8QE+kM7oO2DyDTUV3y89c0LwrHeclcp7C1P+U:iWAI+7v7mc0LwHlcpFU
Score

8^/10

discovery persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence