f44ebade58a3b184c41f1e6b79782ed30babef8d2cee8040c2d83ab6dc76207f | Triage

Sharing

General

Target

f44ebade58a3b184c41f1e6b79782ed30babef8d2cee8040c2d83ab6dc76207f
Size

91KB
Sample

221124-vg7vcagd59
MD5

c705ddabeefe13f8ecf929de434c9ee8
SHA1

6d936f1b60c073d33f5da247b8fedea2b65c7dd6
SHA256

f44ebade58a3b184c41f1e6b79782ed30babef8d2cee8040c2d83ab6dc76207f
SHA512

cd08f91c052e1c99d2f71611a15bf49fa9181ed46e763edb7ebf0018ac6443c0e9283afa193dbd068bcc31070063694717572d38a6d46503934cc8f40a5e56d0
SSDEEP

1536:ZuDrQ+zFRK1sa1ZfsTMpBCqZQgjTu3690cj4t8fCcDjhIM/d1aAVw68hcXbjJz5v:oD5yJDUTMpBfQoqCj4t8fCcDjP/DaAVT

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  .exe
- Size
  
  176KB
- MD5
  
  eebfdbc8bf820a7751f02050b0f5cd16
- SHA1
  
  721db8bf3778570d6cd18fb749030ce99704d094
- SHA256
  
  8ba41c7311481426b3858304c2ef122c3121123abcb9387c8b0bd300b1c5fe39
- SHA512
  
  aaa37c396de5e3bdc7ef2c5ce620646192349953f7fbf7dedcdb0f3d81c24b33a6ef05a5d501c08f58df86f1fd0356ee902fccd24da20c9c5ae90aa87c15cf3f
- SSDEEP
  
  3072:tsGkrEM7aAMll8bqndiaxemXELx9HRkF/aZNJosLtFLFEKWP1Ih:+V7El8bIdia50TzNJoUHLCl
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2