aef73bdf68358454d2457c41024c212efec15d607d5f50d1ad1a9c90b7f39c0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aef73bdf68358454d2457c41024c212efec15d607d5f50d1ad1a9c90b7f39c0f
Size

175KB
Sample

221130-3bvltsea33
MD5

2599333a694e33fa15d4365d459256a0
SHA1

21876de3e03efa3bbc0d407df94d63e0a7861b56
SHA256

aef73bdf68358454d2457c41024c212efec15d607d5f50d1ad1a9c90b7f39c0f
SHA512

b3a19aaa5bc0f1c08b91a043e6efb79cb15e8ca0e1ec5276e0bb1ee6646e77212fb74cf0ad75749dc3c265a33e228d2605814c1e739f8fee9b6b468ee04108da
SSDEEP

3072:805jAKZJoMUCNvmfsjXTeTRtkpsaVw7h1rdMohldcFwt60RTqxqPJkcBdlrvrRsF:84oM1NvmfmXS86hVdMoviFwBqxq7jRsR

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  aef73bdf68358454d2457c41024c212efec15d607d5f50d1ad1a9c90b7f39c0f
- Size
  
  175KB
- MD5
  
  2599333a694e33fa15d4365d459256a0
- SHA1
  
  21876de3e03efa3bbc0d407df94d63e0a7861b56
- SHA256
  
  aef73bdf68358454d2457c41024c212efec15d607d5f50d1ad1a9c90b7f39c0f
- SHA512
  
  b3a19aaa5bc0f1c08b91a043e6efb79cb15e8ca0e1ec5276e0bb1ee6646e77212fb74cf0ad75749dc3c265a33e228d2605814c1e739f8fee9b6b468ee04108da
- SSDEEP
  
  3072:805jAKZJoMUCNvmfsjXTeTRtkpsaVw7h1rdMohldcFwt60RTqxqPJkcBdlrvrRsF:84oM1NvmfmXS86hVdMoviFwBqxq7jRsR
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2