f459b68ca38642268a7dbdb8af15fa07a89d92455a70e3f0f69746e2a0a9058f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f459b68ca38642268a7dbdb8af15fa07a89d92455a70e3f0f69746e2a0a9058f
Size

40KB
Sample

221204-nlewsshg5t
MD5

0d6c520b4ef3904a72a5f857f2dba7b5
SHA1

0a5cc36f19d9577f8808ca410d7205d120377ceb
SHA256

f459b68ca38642268a7dbdb8af15fa07a89d92455a70e3f0f69746e2a0a9058f
SHA512

6961feafbc604487b28844e02495786cd2117ec757065691a118334e133692a0e9f5583d361bddfd3bf6554f7f783edf1a7b645c028479a0aad8cba5facb2013
SSDEEP

768:yfyZgfKDSo2rMOU7XH79aw8p1sWl0yOkM6p6cJ17YfdtBnkhHjrjaMHYEFyBPqLe:kmr4MVr9C1sWlukNIU1wdt+Y4FyBP5

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f459b68ca38642268a7dbdb8af15fa07a89d92455a70e3f0f69746e2a0a9058f
- Size
  
  40KB
- MD5
  
  0d6c520b4ef3904a72a5f857f2dba7b5
- SHA1
  
  0a5cc36f19d9577f8808ca410d7205d120377ceb
- SHA256
  
  f459b68ca38642268a7dbdb8af15fa07a89d92455a70e3f0f69746e2a0a9058f
- SHA512
  
  6961feafbc604487b28844e02495786cd2117ec757065691a118334e133692a0e9f5583d361bddfd3bf6554f7f783edf1a7b645c028479a0aad8cba5facb2013
- SSDEEP
  
  768:yfyZgfKDSo2rMOU7XH79aw8p1sWl0yOkM6p6cJ17YfdtBnkhHjrjaMHYEFyBPqLe:kmr4MVr9C1sWlukNIU1wdt+Y4FyBP5
Score

8^/10

persistence
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2