95f61542c808473f05741c4e81a1e6541cde9e23cff77102bfb83a74d594a5c6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95f61542c808473f05741c4e81a1e6541cde9e23cff77102bfb83a74d594a5c6
Size

380KB
Sample

221203-zx9fbsac7w
MD5

7e32b15bb7b8f360069cdda45a0bc586
SHA1

e6164c61845d71348854146e1dd686626b873e1c
SHA256

95f61542c808473f05741c4e81a1e6541cde9e23cff77102bfb83a74d594a5c6
SHA512

4bd833f5d765fc17b0263d8f1a51a3f26e7f2ce88cb1d8d067c218ce790c62a0eb2674874b9fd6c6847e8507bbc3bbb71f82bc66e46aeda481aa79bf81deeed0
SSDEEP

6144:QoDxqVZPb98PcOkLzNrXR36bAqkwHgmbZMDhNGPtad9Q0fFVqFwWYdYk:J0VZPb9KcJN5is7G1YRFVqCWc7

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  95f61542c808473f05741c4e81a1e6541cde9e23cff77102bfb83a74d594a5c6
- Size
  
  380KB
- MD5
  
  7e32b15bb7b8f360069cdda45a0bc586
- SHA1
  
  e6164c61845d71348854146e1dd686626b873e1c
- SHA256
  
  95f61542c808473f05741c4e81a1e6541cde9e23cff77102bfb83a74d594a5c6
- SHA512
  
  4bd833f5d765fc17b0263d8f1a51a3f26e7f2ce88cb1d8d067c218ce790c62a0eb2674874b9fd6c6847e8507bbc3bbb71f82bc66e46aeda481aa79bf81deeed0
- SSDEEP
  
  6144:QoDxqVZPb98PcOkLzNrXR36bAqkwHgmbZMDhNGPtad9Q0fFVqFwWYdYk:J0VZPb9KcJN5is7G1YRFVqCWc7
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2