92312c5a0dbb06c27f4fa24451ecaef5c4eb7bfcc57f4ba8b8437e7f75bc7a95 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

92312c5a0dbb06c27f4fa24451ecaef5c4eb7bfcc57f4ba8b8437e7f75bc7a95
Size

27KB
Sample

221127-sw7rsagg42
MD5

e893d065f8b1dede07405abcdacf362a
SHA1

0428b75445992be5751e340b73879205f9c1470c
SHA256

92312c5a0dbb06c27f4fa24451ecaef5c4eb7bfcc57f4ba8b8437e7f75bc7a95
SHA512

8a895c710da76624b3887da8a04f05bd079c72726950517a14bfafa0bbf01f66fe9c4c60c52c523d8453c3996060c42b91eaf4cf68c089e05f92ac736a51137d
SSDEEP

768:QCFFwCzYjOoYMukC+L0mNvjaRziDG/jDQjjmWTe+Hc9zst/:vn0CH3+L0mNvjaRziDG/jDQjjmW9Hc9k

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  92312c5a0dbb06c27f4fa24451ecaef5c4eb7bfcc57f4ba8b8437e7f75bc7a95
- Size
  
  27KB
- MD5
  
  e893d065f8b1dede07405abcdacf362a
- SHA1
  
  0428b75445992be5751e340b73879205f9c1470c
- SHA256
  
  92312c5a0dbb06c27f4fa24451ecaef5c4eb7bfcc57f4ba8b8437e7f75bc7a95
- SHA512
  
  8a895c710da76624b3887da8a04f05bd079c72726950517a14bfafa0bbf01f66fe9c4c60c52c523d8453c3996060c42b91eaf4cf68c089e05f92ac736a51137d
- SSDEEP
  
  768:QCFFwCzYjOoYMukC+L0mNvjaRziDG/jDQjjmWTe+Hc9zst/:vn0CH3+L0mNvjaRziDG/jDQjjmW9Hc9k
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2