2395ecb8e87f0adb6f05d1d744f6a1a8b3c879da1f66b0595b42d6255fd699bf | Triage

Sharing

General

Target

2395ecb8e87f0adb6f05d1d744f6a1a8b3c879da1f66b0595b42d6255fd699bf
Size

266KB
Sample

221125-ed42aadb7x
MD5

2cb2263fbbb5b37da978cc1f95e49d78
SHA1

0dd604e58dd31895c4cf05fa56c6542f7cbaf70d
SHA256

2395ecb8e87f0adb6f05d1d744f6a1a8b3c879da1f66b0595b42d6255fd699bf
SHA512

d37e83952551cca504bc19e937ce196fd41da73733fcaff93250ed9f2d065df41f9bc758dc24ee6960dd90fecf64daadbd42b538c278320db7fe50bd2b6b5d70
SSDEEP

6144:LhYpsFSyAAGzPcSa5Ug0gEEcKHXFRLFp3kwj11TFFFFFFTFAFFFFTrZFFmvFSa:OpsNAAGrcSaYNE1VRDGa

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2395ecb8e87f0adb6f05d1d744f6a1a8b3c879da1f66b0595b42d6255fd699bf
- Size
  
  266KB
- MD5
  
  2cb2263fbbb5b37da978cc1f95e49d78
- SHA1
  
  0dd604e58dd31895c4cf05fa56c6542f7cbaf70d
- SHA256
  
  2395ecb8e87f0adb6f05d1d744f6a1a8b3c879da1f66b0595b42d6255fd699bf
- SHA512
  
  d37e83952551cca504bc19e937ce196fd41da73733fcaff93250ed9f2d065df41f9bc758dc24ee6960dd90fecf64daadbd42b538c278320db7fe50bd2b6b5d70
- SSDEEP
  
  6144:LhYpsFSyAAGzPcSa5Ug0gEEcKHXFRLFp3kwj11TFFFFFFTFAFFFFTrZFFmvFSa:OpsNAAGrcSaYNE1VRDGa
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2