9e866e6389c9d36f943f9cb9c7d86f1b6f332dc4e12cccf24a40597df4ca9b11 | Triage

Sharing

General

Target

9e866e6389c9d36f943f9cb9c7d86f1b6f332dc4e12cccf24a40597df4ca9b11
Size

274KB
Sample

221129-nypxjafc43
MD5

aa56e5691d75776e68b6b2f860eb3cca
SHA1

11cf6535b217e2f73e0433fdadcdfd3ef0923513
SHA256

9e866e6389c9d36f943f9cb9c7d86f1b6f332dc4e12cccf24a40597df4ca9b11
SHA512

3c84ca5fcb6fb3313d6c332af788a8277a4c71526a3ec75c32539434798af0802af94b999cbdbcdcebaf2acc485ea95728e2fee5ee6f84f6f7e8380dca42d89e
SSDEEP

6144:ysaocyLC0cZIgFtJzNhXgDh82eRmHPyIgYSjsJ+LjMdkly2hD:ytobLEJzNVgsRgsYYvMCEo

Score

8^/10

Malware Config

Targets

- Target
  
  9e866e6389c9d36f943f9cb9c7d86f1b6f332dc4e12cccf24a40597df4ca9b11
- Size
  
  274KB
- MD5
  
  aa56e5691d75776e68b6b2f860eb3cca
- SHA1
  
  11cf6535b217e2f73e0433fdadcdfd3ef0923513
- SHA256
  
  9e866e6389c9d36f943f9cb9c7d86f1b6f332dc4e12cccf24a40597df4ca9b11
- SHA512
  
  3c84ca5fcb6fb3313d6c332af788a8277a4c71526a3ec75c32539434798af0802af94b999cbdbcdcebaf2acc485ea95728e2fee5ee6f84f6f7e8380dca42d89e
- SSDEEP
  
  6144:ysaocyLC0cZIgFtJzNhXgDh82eRmHPyIgYSjsJ+LjMdkly2hD:ytobLEJzNVgsRgsYYvMCEo
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2