b22ac8fd6760c1d214fb72dcc2a85ded81ee3c49c056cabbcdf1dc0f66bd79c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b22ac8fd6760c1d214fb72dcc2a85ded81ee3c49c056cabbcdf1dc0f66bd79c5
Size

183KB
Sample

221203-sf41yseg2x
MD5

611199144ce7b79a13db9bcc2192de70
SHA1

1161c376c4b1c239a469d772ae3057ff1eb6f2f4
SHA256

b22ac8fd6760c1d214fb72dcc2a85ded81ee3c49c056cabbcdf1dc0f66bd79c5
SHA512

ea79df3b98dd52ce786196d434789983e87782dfcaa799e14472b30fbaa37df79b9d95b430b4566b163540c28a658d46762ff9db638e253c2d3298ebcd8e6cb8
SSDEEP

3072:5JGLsk3TuNXX13ChTiX4bgbYil7lSWjXPNKIWEpdcg43ZsrM:kp3TuNXX8AU6EqMItQsA

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b22ac8fd6760c1d214fb72dcc2a85ded81ee3c49c056cabbcdf1dc0f66bd79c5
- Size
  
  183KB
- MD5
  
  611199144ce7b79a13db9bcc2192de70
- SHA1
  
  1161c376c4b1c239a469d772ae3057ff1eb6f2f4
- SHA256
  
  b22ac8fd6760c1d214fb72dcc2a85ded81ee3c49c056cabbcdf1dc0f66bd79c5
- SHA512
  
  ea79df3b98dd52ce786196d434789983e87782dfcaa799e14472b30fbaa37df79b9d95b430b4566b163540c28a658d46762ff9db638e253c2d3298ebcd8e6cb8
- SSDEEP
  
  3072:5JGLsk3TuNXX13ChTiX4bgbYil7lSWjXPNKIWEpdcg43ZsrM:kp3TuNXX8AU6EqMItQsA
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2