28e9dfba2baf10b53dd469efa3e77ae83612761eed3598a2047381ee369e257f | Triage

Sharing

General

Target

28e9dfba2baf10b53dd469efa3e77ae83612761eed3598a2047381ee369e257f
Size

217KB
Sample

221128-clltkaca5z
MD5

4b364f09a91e3f030a8ca9fadff99e3b
SHA1

b193f18200cfe66c0f426b4a65c0a76377081cd1
SHA256

28e9dfba2baf10b53dd469efa3e77ae83612761eed3598a2047381ee369e257f
SHA512

4632fbf292c82f2883ecd30b04d4a7313e9e47d048040c7f32d136d45ee70986357f857f97ec4da4beb1b4b2b3daae61734fcdbb444fdb86f15b345c4d2af469
SSDEEP

3072:r53mQ7JtnP5I09qgmBBAWgjSvwN/oTWaXR:hmKJtna2qgmBNgQwiXR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  28e9dfba2baf10b53dd469efa3e77ae83612761eed3598a2047381ee369e257f
- Size
  
  217KB
- MD5
  
  4b364f09a91e3f030a8ca9fadff99e3b
- SHA1
  
  b193f18200cfe66c0f426b4a65c0a76377081cd1
- SHA256
  
  28e9dfba2baf10b53dd469efa3e77ae83612761eed3598a2047381ee369e257f
- SHA512
  
  4632fbf292c82f2883ecd30b04d4a7313e9e47d048040c7f32d136d45ee70986357f857f97ec4da4beb1b4b2b3daae61734fcdbb444fdb86f15b345c4d2af469
- SSDEEP
  
  3072:r53mQ7JtnP5I09qgmBBAWgjSvwN/oTWaXR:hmKJtna2qgmBNgQwiXR
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2