301db1409408d2fed0ad0126c665d06f076807f9e38e49377ab79d0ec9cb0bde | Triage

Sharing

General

Target

301db1409408d2fed0ad0126c665d06f076807f9e38e49377ab79d0ec9cb0bde
Size

1.3MB
Sample

221127-ngys4sge6z
MD5

17d61b9d67f0a76218e756e34d9b1986
SHA1

ec2df08b686fa0b1b4fbf92601255faa71111887
SHA256

301db1409408d2fed0ad0126c665d06f076807f9e38e49377ab79d0ec9cb0bde
SHA512

1a145ee20e4d58675afd6aec2074b57aecb4bbb3ef4c74eef886ab74fe9036db5580800ad78b2b851924484452b38c91336cddb49fa95bc0ab27c4c32b3dabbb
SSDEEP

24576:JYshbEjfhLN1sxAmHkwl2W54wdgjlpaGXad:JJa97zmHjl2xvaGKd

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  301db1409408d2fed0ad0126c665d06f076807f9e38e49377ab79d0ec9cb0bde
- Size
  
  1.3MB
- MD5
  
  17d61b9d67f0a76218e756e34d9b1986
- SHA1
  
  ec2df08b686fa0b1b4fbf92601255faa71111887
- SHA256
  
  301db1409408d2fed0ad0126c665d06f076807f9e38e49377ab79d0ec9cb0bde
- SHA512
  
  1a145ee20e4d58675afd6aec2074b57aecb4bbb3ef4c74eef886ab74fe9036db5580800ad78b2b851924484452b38c91336cddb49fa95bc0ab27c4c32b3dabbb
- SSDEEP
  
  24576:JYshbEjfhLN1sxAmHkwl2W54wdgjlpaGXad:JJa97zmHjl2xvaGKd
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2