d226c99e9bc6a828927219aa1be52eaa9e0b2ead749b2cc92cde8eb145725add | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d226c99e9bc6a828927219aa1be52eaa9e0b2ead749b2cc92cde8eb145725add
Size

447KB
Sample

221203-etr2nadc94
MD5

66f6540c01e1be01cb78879eff8b219f
SHA1

2cb6c156da4b09ecb4913ef08ca533b3b21b9404
SHA256

d226c99e9bc6a828927219aa1be52eaa9e0b2ead749b2cc92cde8eb145725add
SHA512

9ab83331a81c28aed641b2aefe55942c01f5572f5d05fe9f9beaafaa9a8e3a9a9905a30e284145e77eba506a5446be684f724e56e6406eaf2c76314a2e6bf737
SSDEEP

6144:VL9/cggP/6CEZ9pC7dEmv5woTewAAFbS1XJ0nQKk8i2vRbeRi+mEH+ELLe+5h//K:V5/i8CJEmvDTbSxJmOr7+EXe++ZOg

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  d226c99e9bc6a828927219aa1be52eaa9e0b2ead749b2cc92cde8eb145725add
- Size
  
  447KB
- MD5
  
  66f6540c01e1be01cb78879eff8b219f
- SHA1
  
  2cb6c156da4b09ecb4913ef08ca533b3b21b9404
- SHA256
  
  d226c99e9bc6a828927219aa1be52eaa9e0b2ead749b2cc92cde8eb145725add
- SHA512
  
  9ab83331a81c28aed641b2aefe55942c01f5572f5d05fe9f9beaafaa9a8e3a9a9905a30e284145e77eba506a5446be684f724e56e6406eaf2c76314a2e6bf737
- SSDEEP
  
  6144:VL9/cggP/6CEZ9pC7dEmv5woTewAAFbS1XJ0nQKk8i2vRbeRi+mEH+ELLe+5h//K:V5/i8CJEmvDTbSxJmOr7+EXe++ZOg
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2