bd4c7b0cfc2d43179a5161a384f977c1208567ff4b90c759659f797a698fa6b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd4c7b0cfc2d43179a5161a384f977c1208567ff4b90c759659f797a698fa6b6
Size

487KB
Sample

221205-jyk65aaf43
MD5

144d95940a4130faf9423155cd0da5d8
SHA1

07b61f5958746f5f9c1194c5f606c4a483393c08
SHA256

bd4c7b0cfc2d43179a5161a384f977c1208567ff4b90c759659f797a698fa6b6
SHA512

d9e5f20567fdf9d61ec3c84edc9324ac155d3e833948ff13d441492292bd8bd994de43a46070fdf8c1747cb78acd80ba7b854e4305bac70cb6091d21fb36028a
SSDEEP

6144:oPM9yw5XVALDaiLyHSUHlbks4SsSpmgfLuNDKTe2ccCWo3u:TdZiLYSUqs4SRpmVKTe2cnWo+

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bd4c7b0cfc2d43179a5161a384f977c1208567ff4b90c759659f797a698fa6b6
- Size
  
  487KB
- MD5
  
  144d95940a4130faf9423155cd0da5d8
- SHA1
  
  07b61f5958746f5f9c1194c5f606c4a483393c08
- SHA256
  
  bd4c7b0cfc2d43179a5161a384f977c1208567ff4b90c759659f797a698fa6b6
- SHA512
  
  d9e5f20567fdf9d61ec3c84edc9324ac155d3e833948ff13d441492292bd8bd994de43a46070fdf8c1747cb78acd80ba7b854e4305bac70cb6091d21fb36028a
- SSDEEP
  
  6144:oPM9yw5XVALDaiLyHSUHlbks4SsSpmgfLuNDKTe2ccCWo3u:TdZiLYSUqs4SRpmVKTe2cnWo+
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2