f081aff290b96a63ded62dcdec5c548b7a83a1b7df2faf2fe9bf16df435b890c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f081aff290b96a63ded62dcdec5c548b7a83a1b7df2faf2fe9bf16df435b890c
Size

158KB
Sample

221206-3j5f1aha2s
MD5

eb59d58706dc05f7a73b338b593c00ec
SHA1

7edafd519c846d391caa54347e65f0bada8ec478
SHA256

f081aff290b96a63ded62dcdec5c548b7a83a1b7df2faf2fe9bf16df435b890c
SHA512

6531cb5242fd59125b4df74381b0c85698056b7b25b8f911ff0d5e67f663945fe0a8e5e4923125a76aad75c9d40a654e197bd0d94e6a04ff7887b6f5ef9fb528
SSDEEP

3072:cSuKWO46D4PydkX4ykeaGybFjuvcZbmcy/yB8nT:3/46dkICaGyhjuLT

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f081aff290b96a63ded62dcdec5c548b7a83a1b7df2faf2fe9bf16df435b890c
- Size
  
  158KB
- MD5
  
  eb59d58706dc05f7a73b338b593c00ec
- SHA1
  
  7edafd519c846d391caa54347e65f0bada8ec478
- SHA256
  
  f081aff290b96a63ded62dcdec5c548b7a83a1b7df2faf2fe9bf16df435b890c
- SHA512
  
  6531cb5242fd59125b4df74381b0c85698056b7b25b8f911ff0d5e67f663945fe0a8e5e4923125a76aad75c9d40a654e197bd0d94e6a04ff7887b6f5ef9fb528
- SSDEEP
  
  3072:cSuKWO46D4PydkX4ykeaGybFjuvcZbmcy/yB8nT:3/46dkICaGyhjuLT
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2