c4fb85a81aabcabe491e1ddba367a9d474aff15a8127198b67bedf2e7f170be1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4fb85a81aabcabe491e1ddba367a9d474aff15a8127198b67bedf2e7f170be1
Size

78KB
Sample

221206-aysrjabh29
MD5

99f46b04c9b526fcadf08e25c8e719dd
SHA1

c91fe4bdac3b1239e5a1e29dead8769c8386be48
SHA256

c4fb85a81aabcabe491e1ddba367a9d474aff15a8127198b67bedf2e7f170be1
SHA512

2002f3eda24f018727ea89381eedb83246e877285596daef47775684f40e6a78775c1a541fd9dea982af9e5e8db58c0bd1d27a74ccad5d66b65883ce59168f95
SSDEEP

1536:uBQYWznMCStqry8al4uvt616csVVz7wC1u07nT1DH:RznMCStqrkLF6ccsVVLd1DH

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  c4fb85a81aabcabe491e1ddba367a9d474aff15a8127198b67bedf2e7f170be1
- Size
  
  78KB
- MD5
  
  99f46b04c9b526fcadf08e25c8e719dd
- SHA1
  
  c91fe4bdac3b1239e5a1e29dead8769c8386be48
- SHA256
  
  c4fb85a81aabcabe491e1ddba367a9d474aff15a8127198b67bedf2e7f170be1
- SHA512
  
  2002f3eda24f018727ea89381eedb83246e877285596daef47775684f40e6a78775c1a541fd9dea982af9e5e8db58c0bd1d27a74ccad5d66b65883ce59168f95
- SSDEEP
  
  1536:uBQYWznMCStqry8al4uvt616csVVz7wC1u07nT1DH:RznMCStqrkLF6ccsVVLd1DH
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2