2afb735d623a3ef3e665b3daac3f64e88949a6dfd37909338a615c06b9f5962c | Triage

Sharing

General

Target

2afb735d623a3ef3e665b3daac3f64e88949a6dfd37909338a615c06b9f5962c
Size

62KB
Sample

221206-bdkqvsdb62
MD5

17ea3b48d092a5f608a0c0b25948b85e
SHA1

c213e3c4c64afbbfbc5e915e68513cee98db8ffe
SHA256

2afb735d623a3ef3e665b3daac3f64e88949a6dfd37909338a615c06b9f5962c
SHA512

f560d4783df2efb9e4e4e67674d59a1ec3d4c4f62cb6cd570649a352914b3572f8a16864db7d264595bf4bea53c9d865a3951cc10b2fb3d3fb5872ba4cd73f43
SSDEEP

768:9jwvAe0e2pg77LLuIgf8spsvg932IGgRjnFbb8ji+o1DqzYcHeUZ:Oig7RyR9HBZFbIO+o1D3U

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2afb735d623a3ef3e665b3daac3f64e88949a6dfd37909338a615c06b9f5962c
- Size
  
  62KB
- MD5
  
  17ea3b48d092a5f608a0c0b25948b85e
- SHA1
  
  c213e3c4c64afbbfbc5e915e68513cee98db8ffe
- SHA256
  
  2afb735d623a3ef3e665b3daac3f64e88949a6dfd37909338a615c06b9f5962c
- SHA512
  
  f560d4783df2efb9e4e4e67674d59a1ec3d4c4f62cb6cd570649a352914b3572f8a16864db7d264595bf4bea53c9d865a3951cc10b2fb3d3fb5872ba4cd73f43
- SSDEEP
  
  768:9jwvAe0e2pg77LLuIgf8spsvg932IGgRjnFbb8ji+o1DqzYcHeUZ:Oig7RyR9HBZFbIO+o1D3U
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2