91b176a2c492d04af1d901b5d90c552f9b67392e7eee3b464e0d4969b6b60c39 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

91b176a2c492d04af1d901b5d90c552f9b67392e7eee3b464e0d4969b6b60c39
Size

21KB
Sample

221204-nk45asdh53
MD5

3c920e23e7c1e2a7b42d690beefeb58c
SHA1

b4dc8b650b82fbc11fda3df63758bbec7f274af6
SHA256

91b176a2c492d04af1d901b5d90c552f9b67392e7eee3b464e0d4969b6b60c39
SHA512

4770cc8aaf08a1a4cc43e0c812d073a1d537b19ea9a3de379e23e151aee386ed3f4d51d3a47f02a46d8d1c17d4e540b4bf735085199e3a19f9ad88022e4d3be8
SSDEEP

384:c7+KhRpHZ9R7MklXPeJdVMdOeY6hvnQE9+F5XRrA:g5/WVCO8fr0

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  91b176a2c492d04af1d901b5d90c552f9b67392e7eee3b464e0d4969b6b60c39
- Size
  
  21KB
- MD5
  
  3c920e23e7c1e2a7b42d690beefeb58c
- SHA1
  
  b4dc8b650b82fbc11fda3df63758bbec7f274af6
- SHA256
  
  91b176a2c492d04af1d901b5d90c552f9b67392e7eee3b464e0d4969b6b60c39
- SHA512
  
  4770cc8aaf08a1a4cc43e0c812d073a1d537b19ea9a3de379e23e151aee386ed3f4d51d3a47f02a46d8d1c17d4e540b4bf735085199e3a19f9ad88022e4d3be8
- SSDEEP
  
  384:c7+KhRpHZ9R7MklXPeJdVMdOeY6hvnQE9+F5XRrA:g5/WVCO8fr0
Score

8^/10

persistence
- Drops file in Drivers directory
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2