d9b6be4d59c3ef48f9cbb12b1eb59f9d03423ff3f67dea5d83963e441caf8d97 | Triage

Sharing

General

Target

d9b6be4d59c3ef48f9cbb12b1eb59f9d03423ff3f67dea5d83963e441caf8d97
Size

13KB
Sample

221125-py1vgacd4w
MD5

fb496a55e0a42fb8de703988546d2e3d
SHA1

bd383200045c2cd93a996b524809fabf923eddce
SHA256

d9b6be4d59c3ef48f9cbb12b1eb59f9d03423ff3f67dea5d83963e441caf8d97
SHA512

7f533580743a5b69412658e7453a594dc5875f125a9e2e73812c02e7e30cfcccb7df6f8c3f7a48a16018a4a263fea1601b7e04e661dac1d1b86a5669e0c1c444
SSDEEP

384:uGzzVqiGagRYwZSFFOECXCghDSHXWmZg1r+9f7qN:FzxqagRYwZSGECXCgMmsgV/N

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  d9b6be4d59c3ef48f9cbb12b1eb59f9d03423ff3f67dea5d83963e441caf8d97
- Size
  
  13KB
- MD5
  
  fb496a55e0a42fb8de703988546d2e3d
- SHA1
  
  bd383200045c2cd93a996b524809fabf923eddce
- SHA256
  
  d9b6be4d59c3ef48f9cbb12b1eb59f9d03423ff3f67dea5d83963e441caf8d97
- SHA512
  
  7f533580743a5b69412658e7453a594dc5875f125a9e2e73812c02e7e30cfcccb7df6f8c3f7a48a16018a4a263fea1601b7e04e661dac1d1b86a5669e0c1c444
- SSDEEP
  
  384:uGzzVqiGagRYwZSFFOECXCghDSHXWmZg1r+9f7qN:FzxqagRYwZSGECXCgMmsgV/N
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2