bd9f3a72419c6a5e71806aaede5881a611f368e10beaa15171ba8bce8d73b877 | Triage

Sharing

General

Target

bd9f3a72419c6a5e71806aaede5881a611f368e10beaa15171ba8bce8d73b877
Size

245KB
Sample

221203-qgb1fsch73
MD5

15e91dca93549b6bf03c7671bc979bd9
SHA1

c1750227f11ae6919539da2d22682c46248a7494
SHA256

bd9f3a72419c6a5e71806aaede5881a611f368e10beaa15171ba8bce8d73b877
SHA512

5c50b17e7276098d1a7309908c1f581b2cbac0a0687475efae00feb7d5a275e0bcff95c32c9c64551e90f0044fa29f8658d28835483445be4b8e686f808a31c6
SSDEEP

6144:8C1fTk+Y3KKYnM93zllD5zq8ezw0Hkouf80PzW8g2eWX/XYl13s:lbG3KKiAnDAzwdoufjHLdh

Score

9^/10

persistence

Malware Config

Targets

- Target
  
  bd9f3a72419c6a5e71806aaede5881a611f368e10beaa15171ba8bce8d73b877
- Size
  
  245KB
- MD5
  
  15e91dca93549b6bf03c7671bc979bd9
- SHA1
  
  c1750227f11ae6919539da2d22682c46248a7494
- SHA256
  
  bd9f3a72419c6a5e71806aaede5881a611f368e10beaa15171ba8bce8d73b877
- SHA512
  
  5c50b17e7276098d1a7309908c1f581b2cbac0a0687475efae00feb7d5a275e0bcff95c32c9c64551e90f0044fa29f8658d28835483445be4b8e686f808a31c6
- SSDEEP
  
  6144:8C1fTk+Y3KKYnM93zllD5zq8ezw0Hkouf80PzW8g2eWX/XYl13s:lbG3KKiAnDAzwdoufjHLdh
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2