9cd9bc2c5b2e5438b11d3beb811edaab0fb39717450fa6553a1b10e6b9c54cdd | Triage

Sharing

General

Target

9cd9bc2c5b2e5438b11d3beb811edaab0fb39717450fa6553a1b10e6b9c54cdd
Size

12KB
Sample

221124-n5vrcscb62
MD5

e82a922eb20993329e9c640994a28c97
SHA1

a3d65dd0f9f24e23008cfb121200b26c425c3281
SHA256

9cd9bc2c5b2e5438b11d3beb811edaab0fb39717450fa6553a1b10e6b9c54cdd
SHA512

05b4bae7c0e164ebe4fd7503ac0ce08194becd817ba38240e61412dc825c10f21ffde53fa49329d9a06d871c6e29016a63baca145f0b7ab75de97c62f73b8a12
SSDEEP

384:nc5HKiTs1X7YnByiOWzP7SREdxPPHDfaEoY:cJKxCnBywfPdFj+Y

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  9cd9bc2c5b2e5438b11d3beb811edaab0fb39717450fa6553a1b10e6b9c54cdd
- Size
  
  12KB
- MD5
  
  e82a922eb20993329e9c640994a28c97
- SHA1
  
  a3d65dd0f9f24e23008cfb121200b26c425c3281
- SHA256
  
  9cd9bc2c5b2e5438b11d3beb811edaab0fb39717450fa6553a1b10e6b9c54cdd
- SHA512
  
  05b4bae7c0e164ebe4fd7503ac0ce08194becd817ba38240e61412dc825c10f21ffde53fa49329d9a06d871c6e29016a63baca145f0b7ab75de97c62f73b8a12
- SSDEEP
  
  384:nc5HKiTs1X7YnByiOWzP7SREdxPPHDfaEoY:cJKxCnBywfPdFj+Y
Score

8^/10

persistence
- Drops file in Drivers directory
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2