17b242a5fbf58f2f8568109d02b92c0bbe8068ad30ad57fbf076fadc1d878c51 | Triage

Sharing

General

Target

17b242a5fbf58f2f8568109d02b92c0bbe8068ad30ad57fbf076fadc1d878c51
Size

238KB
Sample

221125-j76jesgg71
MD5

7166f744dfdbd8de9ed0485e330a8abc
SHA1

0008fa745478b377772747b08d6106f39634b7ac
SHA256

17b242a5fbf58f2f8568109d02b92c0bbe8068ad30ad57fbf076fadc1d878c51
SHA512

3a7ef43b26a6c7c908f6132c14f0a9315e48c74d7d286e0e3fc5c00dc0d5ce660d2fa8343e54cdfaf167ebac3686ed1d60004c40c6eb8610d56f7d271c4a831d
SSDEEP

3072:sahKyd2n31H5GWp1icKAArDZz4N9GhbkrNEkB4nQRnS0rxcNPxKDKpJweUBn9qVv:sahOnp0yN90QEMlS0GNPsDfeUBI1

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  17b242a5fbf58f2f8568109d02b92c0bbe8068ad30ad57fbf076fadc1d878c51
- Size
  
  238KB
- MD5
  
  7166f744dfdbd8de9ed0485e330a8abc
- SHA1
  
  0008fa745478b377772747b08d6106f39634b7ac
- SHA256
  
  17b242a5fbf58f2f8568109d02b92c0bbe8068ad30ad57fbf076fadc1d878c51
- SHA512
  
  3a7ef43b26a6c7c908f6132c14f0a9315e48c74d7d286e0e3fc5c00dc0d5ce660d2fa8343e54cdfaf167ebac3686ed1d60004c40c6eb8610d56f7d271c4a831d
- SSDEEP
  
  3072:sahKyd2n31H5GWp1icKAArDZz4N9GhbkrNEkB4nQRnS0rxcNPxKDKpJweUBn9qVv:sahOnp0yN90QEMlS0GNPsDfeUBI1
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2