30a2b97bd8ccdbd2ceb79ffdccfd6069e5883818873da38d4f8e30c81e1ea69f | Triage

Sharing

General

Target

30a2b97bd8ccdbd2ceb79ffdccfd6069e5883818873da38d4f8e30c81e1ea69f
Size

26KB
Sample

221124-e57w9ace71
MD5

e0d1abe7689fa441983a08fc64be1d45
SHA1

a3f7519c35ba254803dc47ee6d53deade072e449
SHA256

30a2b97bd8ccdbd2ceb79ffdccfd6069e5883818873da38d4f8e30c81e1ea69f
SHA512

b83b682668b2bbd1a4b7bbf580540d875242b7f2acc851342717981fc7cbd22cbc26b70f66d2ac635a3285e9ef509de9f5cc204e6e91a7ec6d1aa251f2e494c9
SSDEEP

384:IKL3JZC3MbKEhq0VcAjN5hGgOoyMC4GrmPCOh/pjgNZlSRI4fEX4FxCAJ7vXLry4:Iq0Mb7hegOXMCn0COh/Ych7XD7uSBX

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  30a2b97bd8ccdbd2ceb79ffdccfd6069e5883818873da38d4f8e30c81e1ea69f
- Size
  
  26KB
- MD5
  
  e0d1abe7689fa441983a08fc64be1d45
- SHA1
  
  a3f7519c35ba254803dc47ee6d53deade072e449
- SHA256
  
  30a2b97bd8ccdbd2ceb79ffdccfd6069e5883818873da38d4f8e30c81e1ea69f
- SHA512
  
  b83b682668b2bbd1a4b7bbf580540d875242b7f2acc851342717981fc7cbd22cbc26b70f66d2ac635a3285e9ef509de9f5cc204e6e91a7ec6d1aa251f2e494c9
- SSDEEP
  
  384:IKL3JZC3MbKEhq0VcAjN5hGgOoyMC4GrmPCOh/pjgNZlSRI4fEX4FxCAJ7vXLry4:Iq0Mb7hegOXMCn0COh/Ych7XD7uSBX
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2