b4fa78e39b79f3391c2db675066676f8fd79525eabd412a5d382b99de31d7603 | Triage

Sharing

General

Target

b4fa78e39b79f3391c2db675066676f8fd79525eabd412a5d382b99de31d7603
Size

1.7MB
Sample

221129-trpk3shb6s
MD5

127620f44eca43b9f9265b7fd3edf9f2
SHA1

d59560df3f4b25e02740f7ac947c1e5fd7b5b06b
SHA256

b4fa78e39b79f3391c2db675066676f8fd79525eabd412a5d382b99de31d7603
SHA512

fa40da9966bff040483290a460455cbf697198cba3cb56db97d3f61149d10aa00f20c5e9e1d2e25dd2749f31f380a057250756811ef66f26a85027ae60695660
SSDEEP

49152:HE5YpCQJIFa3LtQ0SSvliWMZ6VrzjWiGntyBZTMudY60:k6pDIY5ditZiOiO0BZTMv

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b4fa78e39b79f3391c2db675066676f8fd79525eabd412a5d382b99de31d7603
- Size
  
  1.7MB
- MD5
  
  127620f44eca43b9f9265b7fd3edf9f2
- SHA1
  
  d59560df3f4b25e02740f7ac947c1e5fd7b5b06b
- SHA256
  
  b4fa78e39b79f3391c2db675066676f8fd79525eabd412a5d382b99de31d7603
- SHA512
  
  fa40da9966bff040483290a460455cbf697198cba3cb56db97d3f61149d10aa00f20c5e9e1d2e25dd2749f31f380a057250756811ef66f26a85027ae60695660
- SSDEEP
  
  49152:HE5YpCQJIFa3LtQ0SSvliWMZ6VrzjWiGntyBZTMudY60:k6pDIY5ditZiOiO0BZTMv
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2