1003bd98a8bd98815d1c57dc91c68e7f844901bbce8fa5dfb858fb488707a4bb | Triage

Sharing

General

Target

1003bd98a8bd98815d1c57dc91c68e7f844901bbce8fa5dfb858fb488707a4bb
Size

499KB
Sample

221126-2yqqqafa2z
MD5

4d9bfe9335af7c620e1fdc6a57a2417f
SHA1

a233274ecaa4ed9cb2cb0a7e5f2f0d1bb9cff093
SHA256

1003bd98a8bd98815d1c57dc91c68e7f844901bbce8fa5dfb858fb488707a4bb
SHA512

93d2d456bfc978c196f6a29de682b02d276463dc139ceab9855c05b8dd2205f6d6844e21acc6cd9f3ca9bc6b7a59d78eb6b0d8aa81fc8cb779884a077972a800
SSDEEP

6144:QpiZV0gyN8X+VtBG/37c2aLQEM/8ER0u+GIIIIIIIhIIIIIIIIIIIIIIIUk:QpY0gyN8uDBGJ2QNvm5k

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  1003bd98a8bd98815d1c57dc91c68e7f844901bbce8fa5dfb858fb488707a4bb
- Size
  
  499KB
- MD5
  
  4d9bfe9335af7c620e1fdc6a57a2417f
- SHA1
  
  a233274ecaa4ed9cb2cb0a7e5f2f0d1bb9cff093
- SHA256
  
  1003bd98a8bd98815d1c57dc91c68e7f844901bbce8fa5dfb858fb488707a4bb
- SHA512
  
  93d2d456bfc978c196f6a29de682b02d276463dc139ceab9855c05b8dd2205f6d6844e21acc6cd9f3ca9bc6b7a59d78eb6b0d8aa81fc8cb779884a077972a800
- SSDEEP
  
  6144:QpiZV0gyN8X+VtBG/37c2aLQEM/8ER0u+GIIIIIIIhIIIIIIIIIIIIIIIUk:QpY0gyN8uDBGJ2QNvm5k
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2