caa29ec0210e6b847ef9bec405e139f106432db18eeec2ce95b96ef733e09fb9 | Triage

Sharing

General

Target

caa29ec0210e6b847ef9bec405e139f106432db18eeec2ce95b96ef733e09fb9
Size

631KB
Sample

221206-a2k6vsfa2z
MD5

d725941c68aa42f628dbe1097b6cd733
SHA1

af9ee4eef4d176f2c71ddf83841a2f1c2ae3aded
SHA256

caa29ec0210e6b847ef9bec405e139f106432db18eeec2ce95b96ef733e09fb9
SHA512

0e6c904c619db19de4235df71631a4408027023943897486214d448e791acd682d44736c7485f7562c578ccfbc9f2561452c1dca02fe5244d4d4f357974c1def
SSDEEP

12288:jERaXYP3vzh/k/u8OU8bo2KwVaO+kmydYptZauYi7bmadnZ/ktL5zGfcP28:6A03rh/k/GtJxVN0EuX7bmqCLUyp

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  caa29ec0210e6b847ef9bec405e139f106432db18eeec2ce95b96ef733e09fb9
- Size
  
  631KB
- MD5
  
  d725941c68aa42f628dbe1097b6cd733
- SHA1
  
  af9ee4eef4d176f2c71ddf83841a2f1c2ae3aded
- SHA256
  
  caa29ec0210e6b847ef9bec405e139f106432db18eeec2ce95b96ef733e09fb9
- SHA512
  
  0e6c904c619db19de4235df71631a4408027023943897486214d448e791acd682d44736c7485f7562c578ccfbc9f2561452c1dca02fe5244d4d4f357974c1def
- SSDEEP
  
  12288:jERaXYP3vzh/k/u8OU8bo2KwVaO+kmydYptZauYi7bmadnZ/ktL5zGfcP28:6A03rh/k/GtJxVN0EuX7bmqCLUyp
Score

8^/10

discovery persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence