aefd3734fbb0d12d2a4d9ed8856d32d6d3c7a51a5f74819fa1160a74f96ce11a | Triage

Sharing

General

Target

aefd3734fbb0d12d2a4d9ed8856d32d6d3c7a51a5f74819fa1160a74f96ce11a
Size

5.3MB
Sample

221125-yamsdadd81
MD5

f5933875c7005f0dd97ee34c75285af2
SHA1

8afac045e42019475f04e01c8b7c7ee840c8ad1a
SHA256

aefd3734fbb0d12d2a4d9ed8856d32d6d3c7a51a5f74819fa1160a74f96ce11a
SHA512

8c73878c85ed0f938a2dd6e24f925cbf21e036b04b5ee14f7bdf021853260c95f23fb22e92f81b84fdbadb41fe27ff73f6f753f72bc782fc553ffd081f8f62bb
SSDEEP

98304:6zjwk9Mdso+6KIjS8bTt6SpX36rvB3nq2kqDsUQKgesSYunR/qVzVdZfqQHbT:4w0MHXb5H0W6VnPsn5LSYuRufh3

Score

8^/10

Malware Config

Targets

- Target
  
  aefd3734fbb0d12d2a4d9ed8856d32d6d3c7a51a5f74819fa1160a74f96ce11a
- Size
  
  5.3MB
- MD5
  
  f5933875c7005f0dd97ee34c75285af2
- SHA1
  
  8afac045e42019475f04e01c8b7c7ee840c8ad1a
- SHA256
  
  aefd3734fbb0d12d2a4d9ed8856d32d6d3c7a51a5f74819fa1160a74f96ce11a
- SHA512
  
  8c73878c85ed0f938a2dd6e24f925cbf21e036b04b5ee14f7bdf021853260c95f23fb22e92f81b84fdbadb41fe27ff73f6f753f72bc782fc553ffd081f8f62bb
- SSDEEP
  
  98304:6zjwk9Mdso+6KIjS8bTt6SpX36rvB3nq2kqDsUQKgesSYunR/qVzVdZfqQHbT:4w0MHXb5H0W6VnPsn5LSYuRufh3
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2