4e7e087eeaf40810a29ce802f81c17f694909f01648e4920af1ec5c21bb6f445 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e7e087eeaf40810a29ce802f81c17f694909f01648e4920af1ec5c21bb6f445
Size

549KB
Sample

221129-px9qzsda4y
MD5

71ff0c6c929470b6524cb1dd1b5bcd96
SHA1

a8eb31ad46434d49cd73218f7c533b1ec1987976
SHA256

4e7e087eeaf40810a29ce802f81c17f694909f01648e4920af1ec5c21bb6f445
SHA512

819dd65899b807dcd6bee93e55d2491d59eaa5bd98c5757d8c273d68785d5c5b6554818af537ea91cbdfe195f3e9ab170aedf6d83e63fa68c8b24c537b03f89d
SSDEEP

12288:Y3nZMhJ+ubNdP+Oe/xnfx5knxpVQT7Ced2uceTyAkRiOGjP8:Y3nZqfbzPwxn5ixpVU5o4WIbP8

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4e7e087eeaf40810a29ce802f81c17f694909f01648e4920af1ec5c21bb6f445
- Size
  
  549KB
- MD5
  
  71ff0c6c929470b6524cb1dd1b5bcd96
- SHA1
  
  a8eb31ad46434d49cd73218f7c533b1ec1987976
- SHA256
  
  4e7e087eeaf40810a29ce802f81c17f694909f01648e4920af1ec5c21bb6f445
- SHA512
  
  819dd65899b807dcd6bee93e55d2491d59eaa5bd98c5757d8c273d68785d5c5b6554818af537ea91cbdfe195f3e9ab170aedf6d83e63fa68c8b24c537b03f89d
- SSDEEP
  
  12288:Y3nZMhJ+ubNdP+Oe/xnfx5knxpVQT7Ced2uceTyAkRiOGjP8:Y3nZqfbzPwxn5ixpVU5o4WIbP8
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2