91efea42fecceb536239ffd59dc9c0ab873ee744ce2b64ee0e7ea31bc9564cc0 | Triage

Sharing

General

Target

91efea42fecceb536239ffd59dc9c0ab873ee744ce2b64ee0e7ea31bc9564cc0
Size

367KB
Sample

221129-rr1bgagf58
MD5

73cd715094f2de0ef393e0fcb900434a
SHA1

c154b55a5e5ecab16f7b823552861d4d2c5268da
SHA256

91efea42fecceb536239ffd59dc9c0ab873ee744ce2b64ee0e7ea31bc9564cc0
SHA512

7114230f658bf8a633842800299cc45af6ee5a0ea94cd3c9a8100b88cb4ba6780aa5706b19a28209c3e2c79f42542d1e6f2434a745993f9f9d24600031507e7e
SSDEEP

6144:J1dlZro5yiOXUf80T2RwpF4qxTp5TRV2X4NpiVuesYUCpll:J1dlZo5yDAiwp/TptRoX47iwesYll

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  91efea42fecceb536239ffd59dc9c0ab873ee744ce2b64ee0e7ea31bc9564cc0
- Size
  
  367KB
- MD5
  
  73cd715094f2de0ef393e0fcb900434a
- SHA1
  
  c154b55a5e5ecab16f7b823552861d4d2c5268da
- SHA256
  
  91efea42fecceb536239ffd59dc9c0ab873ee744ce2b64ee0e7ea31bc9564cc0
- SHA512
  
  7114230f658bf8a633842800299cc45af6ee5a0ea94cd3c9a8100b88cb4ba6780aa5706b19a28209c3e2c79f42542d1e6f2434a745993f9f9d24600031507e7e
- SSDEEP
  
  6144:J1dlZro5yiOXUf80T2RwpF4qxTp5TRV2X4NpiVuesYUCpll:J1dlZo5yDAiwp/TptRoX47iwesYll
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2