99d717341e0c7d4886e72d7c3835aa4b50fd3174b8d7e56eb89aef73867c2f3f | Triage

Sharing

General

Target

99d717341e0c7d4886e72d7c3835aa4b50fd3174b8d7e56eb89aef73867c2f3f
Size

888KB
Sample

221206-actfyadb2z
MD5

b6831619b1da8c2ce4e016406b814259
SHA1

e5388ba8b8ad5d1ae6add08978ede34151bfe6d3
SHA256

99d717341e0c7d4886e72d7c3835aa4b50fd3174b8d7e56eb89aef73867c2f3f
SHA512

901f70925f6cc6d4eec97e1ba8078854de2f5a6a0e60744b07bf5754db5a7bc9a0786ca5f71f20bd7a4ab21ded9bea199b4e0ad6fbaff1a3ea5b88bf7d921193
SSDEEP

12288:bWkiy3+Fetw+HpINocmDoiYD04KupS7XHk+lb6Qsh4tGw5tiLS4tNEv8zaKoqVy:bWkc+lcmDnImXzkQsh4B5cm435y

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  99d717341e0c7d4886e72d7c3835aa4b50fd3174b8d7e56eb89aef73867c2f3f
- Size
  
  888KB
- MD5
  
  b6831619b1da8c2ce4e016406b814259
- SHA1
  
  e5388ba8b8ad5d1ae6add08978ede34151bfe6d3
- SHA256
  
  99d717341e0c7d4886e72d7c3835aa4b50fd3174b8d7e56eb89aef73867c2f3f
- SHA512
  
  901f70925f6cc6d4eec97e1ba8078854de2f5a6a0e60744b07bf5754db5a7bc9a0786ca5f71f20bd7a4ab21ded9bea199b4e0ad6fbaff1a3ea5b88bf7d921193
- SSDEEP
  
  12288:bWkiy3+Fetw+HpINocmDoiYD04KupS7XHk+lb6Qsh4tGw5tiLS4tNEv8zaKoqVy:bWkc+lcmDnImXzkQsh4B5cm435y
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2