861b129ee262305212a02a67f1a040615e54466f30161be8f9b6572b5c6c858d | Triage

Sharing

General

Target

861b129ee262305212a02a67f1a040615e54466f30161be8f9b6572b5c6c858d
Size

3.7MB
Sample

221203-b3qneade62
MD5

f3b7c340b037e4dd587433f88f0a935d
SHA1

f190469979fbc12f9a68be3057cf23371669c06c
SHA256

861b129ee262305212a02a67f1a040615e54466f30161be8f9b6572b5c6c858d
SHA512

497fe341db208033c9d60a7991ccd61503886fcbabfa10b3bbf40e615243f1bc05de9c15735c275063eb66a40fbdd5c56ff8348fd5a4b71c54217f15716f4d60
SSDEEP

98304:Co0x08Z6EUhulnlc9R3UfHOjTv8ZEO4Tg7y35k1K7FtBh2ag:CRxjJUQlneMfHOjTvkeY+lLg

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  861b129ee262305212a02a67f1a040615e54466f30161be8f9b6572b5c6c858d
- Size
  
  3.7MB
- MD5
  
  f3b7c340b037e4dd587433f88f0a935d
- SHA1
  
  f190469979fbc12f9a68be3057cf23371669c06c
- SHA256
  
  861b129ee262305212a02a67f1a040615e54466f30161be8f9b6572b5c6c858d
- SHA512
  
  497fe341db208033c9d60a7991ccd61503886fcbabfa10b3bbf40e615243f1bc05de9c15735c275063eb66a40fbdd5c56ff8348fd5a4b71c54217f15716f4d60
- SSDEEP
  
  98304:Co0x08Z6EUhulnlc9R3UfHOjTv8ZEO4Tg7y35k1K7FtBh2ag:CRxjJUQlneMfHOjTvkeY+lLg
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2