bdd1bf2e7a3340c4a8b2b53663edc6151fb90457697bc885798e1d831c5389a9 | Triage

Sharing

General

Target

bdd1bf2e7a3340c4a8b2b53663edc6151fb90457697bc885798e1d831c5389a9
Size

76KB
Sample

221206-pyfvashg68
MD5

25a482ed33fb9c015d8d2a84aabc1899
SHA1

707b18a9994fdce60130d10c371a69aa9e61b67d
SHA256

bdd1bf2e7a3340c4a8b2b53663edc6151fb90457697bc885798e1d831c5389a9
SHA512

c52bc6452c87424244698a7f719e87174fffea646d672583a3fb5fd0fbe35bcfacdafc7d8c726a25eab18da729c19e3fce9d860fe0a62bb3a2444bcf1ec9e27b
SSDEEP

768:0NV6kU2XnXMD2HcdSM0NS6XejKg/7VUV+TC8JStwJduD8+cxZPMnAedW0+0TL4b2:MVW2ZijKgF2htwuDxEZPq6o4bbp

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bdd1bf2e7a3340c4a8b2b53663edc6151fb90457697bc885798e1d831c5389a9
- Size
  
  76KB
- MD5
  
  25a482ed33fb9c015d8d2a84aabc1899
- SHA1
  
  707b18a9994fdce60130d10c371a69aa9e61b67d
- SHA256
  
  bdd1bf2e7a3340c4a8b2b53663edc6151fb90457697bc885798e1d831c5389a9
- SHA512
  
  c52bc6452c87424244698a7f719e87174fffea646d672583a3fb5fd0fbe35bcfacdafc7d8c726a25eab18da729c19e3fce9d860fe0a62bb3a2444bcf1ec9e27b
- SSDEEP
  
  768:0NV6kU2XnXMD2HcdSM0NS6XejKg/7VUV+TC8JStwJduD8+cxZPMnAedW0+0TL4b2:MVW2ZijKgF2htwuDxEZPq6o4bbp
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2