813db5ecba86722ade3cafe7fbf8feb830671cbf5714bf4d93ed4b9255513831 | Triage

Sharing

General

Target

813db5ecba86722ade3cafe7fbf8feb830671cbf5714bf4d93ed4b9255513831
Size

1.7MB
Sample

221203-mleqcsca72
MD5

b20dd1e0157f6b1949bd8a030ab99c75
SHA1

c8ccdd8eed17d3344aacb385775c0f1280079c0c
SHA256

813db5ecba86722ade3cafe7fbf8feb830671cbf5714bf4d93ed4b9255513831
SHA512

2744c31319a2981ca22dd76f91159adfcc4474873eb04734549d2bde9f772b522cd1dead070b97eb783e8a0b7809e76c2fa0dd177315ea4dca08f7507f86f78b
SSDEEP

49152:HZ1KHFSwP63DaRz2Pn/xU9K3/lF9+pIH+YAYcRJRjS:HqH1P6zaMpU9idX+pIHHwK

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  813db5ecba86722ade3cafe7fbf8feb830671cbf5714bf4d93ed4b9255513831
- Size
  
  1.7MB
- MD5
  
  b20dd1e0157f6b1949bd8a030ab99c75
- SHA1
  
  c8ccdd8eed17d3344aacb385775c0f1280079c0c
- SHA256
  
  813db5ecba86722ade3cafe7fbf8feb830671cbf5714bf4d93ed4b9255513831
- SHA512
  
  2744c31319a2981ca22dd76f91159adfcc4474873eb04734549d2bde9f772b522cd1dead070b97eb783e8a0b7809e76c2fa0dd177315ea4dca08f7507f86f78b
- SSDEEP
  
  49152:HZ1KHFSwP63DaRz2Pn/xU9K3/lF9+pIH+YAYcRJRjS:HqH1P6zaMpU9idX+pIHHwK
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2