ac72ba9b9f9e7c32dacc9aab2c6f651163acbf6013aabd2691e28553d2e08aee | Triage

Sharing

General

Target

ac72ba9b9f9e7c32dacc9aab2c6f651163acbf6013aabd2691e28553d2e08aee
Size

908KB
Sample

221203-sy293scf36
MD5

29bea19331f3cc3ea9df51ad081d70ab
SHA1

ceadab9a23fc578caeb44ffcd46bb619d45f482b
SHA256

ac72ba9b9f9e7c32dacc9aab2c6f651163acbf6013aabd2691e28553d2e08aee
SHA512

413f9a491d1a710107fcb5baa465cfb51b6f3a0d55b25144940afba43b69f3c7767647ce9a55fc0e4625b0a96f8b4c24dfd38ec99a10697be2fa7a7f749e1869
SSDEEP

12288:QcQgCJcyk4S6QesXwuwMZnEGWzjcIEZXL4LUYCok7rA7WU+KGt9dUX:QNcyk44DAOWzv+p1yMzdUX

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ac72ba9b9f9e7c32dacc9aab2c6f651163acbf6013aabd2691e28553d2e08aee
- Size
  
  908KB
- MD5
  
  29bea19331f3cc3ea9df51ad081d70ab
- SHA1
  
  ceadab9a23fc578caeb44ffcd46bb619d45f482b
- SHA256
  
  ac72ba9b9f9e7c32dacc9aab2c6f651163acbf6013aabd2691e28553d2e08aee
- SHA512
  
  413f9a491d1a710107fcb5baa465cfb51b6f3a0d55b25144940afba43b69f3c7767647ce9a55fc0e4625b0a96f8b4c24dfd38ec99a10697be2fa7a7f749e1869
- SSDEEP
  
  12288:QcQgCJcyk4S6QesXwuwMZnEGWzjcIEZXL4LUYCok7rA7WU+KGt9dUX:QNcyk44DAOWzv+p1yMzdUX
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2