e45833cc1b31266b7b8772389417ef4bdfbc423242c713cb59185eb869e30947 | Triage

Sharing

General

Target

e45833cc1b31266b7b8772389417ef4bdfbc423242c713cb59185eb869e30947
Size

134KB
Sample

221130-sapdbadc2w
MD5

e14d8800c4bf7823a7da6cf931a06869
SHA1

b3921f7bf4bfffcb13a7ec7a27e0ea511b3dd9c9
SHA256

e45833cc1b31266b7b8772389417ef4bdfbc423242c713cb59185eb869e30947
SHA512

b6b2b32c221e0bc1ef6744c41a93241079bdd360371dbd65e25acf112b1de035fb7bfda0e47753d4a9f75c4a76a8f48d1a0b04383322ac27e78a13f2557d71ee
SSDEEP

3072:lq6+ouCpk2mpcWJ0r+QNTBfQkXSJmQZYs:lldk1cWQRNTBIoXm/

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  e45833cc1b31266b7b8772389417ef4bdfbc423242c713cb59185eb869e30947
- Size
  
  134KB
- MD5
  
  e14d8800c4bf7823a7da6cf931a06869
- SHA1
  
  b3921f7bf4bfffcb13a7ec7a27e0ea511b3dd9c9
- SHA256
  
  e45833cc1b31266b7b8772389417ef4bdfbc423242c713cb59185eb869e30947
- SHA512
  
  b6b2b32c221e0bc1ef6744c41a93241079bdd360371dbd65e25acf112b1de035fb7bfda0e47753d4a9f75c4a76a8f48d1a0b04383322ac27e78a13f2557d71ee
- SSDEEP
  
  3072:lq6+ouCpk2mpcWJ0r+QNTBfQkXSJmQZYs:lldk1cWQRNTBIoXm/
Score

8^/10

discovery exploit
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

BITS Jobs

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Permissions Modification

BITS Jobs

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

discoveryexploit

behavioral2

discoveryexploit