7236532915a21b62234e8bc06c68a25da7917f73d8a5248dc95bef8ec89f072f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7236532915a21b62234e8bc06c68a25da7917f73d8a5248dc95bef8ec89f072f
Size

246KB
Sample

221129-jr6jgsad62
MD5

85cb7aaacfbd8c31ba1eaaa016f4eb54
SHA1

1ea5271d64dacbcc0176f19d3a6be7811e7d2fa0
SHA256

7236532915a21b62234e8bc06c68a25da7917f73d8a5248dc95bef8ec89f072f
SHA512

7bbaa89bf5acc670d27f4ae5575ee381791d1569602357c03a401303010647dd49d4ffd37b2e9850c8058bf211fb603ae932ff0a4c3e6caac3b7bbf3798a2bfc
SSDEEP

6144:W+1qhNH3naQUcNAEO9ar4GEA/BVTQqJ6tHO:W+wqJcCGQu6HO

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7236532915a21b62234e8bc06c68a25da7917f73d8a5248dc95bef8ec89f072f
- Size
  
  246KB
- MD5
  
  85cb7aaacfbd8c31ba1eaaa016f4eb54
- SHA1
  
  1ea5271d64dacbcc0176f19d3a6be7811e7d2fa0
- SHA256
  
  7236532915a21b62234e8bc06c68a25da7917f73d8a5248dc95bef8ec89f072f
- SHA512
  
  7bbaa89bf5acc670d27f4ae5575ee381791d1569602357c03a401303010647dd49d4ffd37b2e9850c8058bf211fb603ae932ff0a4c3e6caac3b7bbf3798a2bfc
- SSDEEP
  
  6144:W+1qhNH3naQUcNAEO9ar4GEA/BVTQqJ6tHO:W+wqJcCGQu6HO
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2