a890ba07883c905f6769df4bc6e4303ae6673e932ce870e86a6ae8d730439030 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a890ba07883c905f6769df4bc6e4303ae6673e932ce870e86a6ae8d730439030
Size

2.3MB
Sample

221206-rdrgeadh44
MD5

5ef0c7bb541963f3d65be996fe46509a
SHA1

eb80a5219de04c56ba6676c143e4eaa9a819d3e8
SHA256

a890ba07883c905f6769df4bc6e4303ae6673e932ce870e86a6ae8d730439030
SHA512

57859f7a1fcf05b1e4fc051c340c7844b33f64bf2508889ebf3e830505b00edbeeb849ecafa1896f67632450d278ec57bef21967242b2716ab4c5c99280e9b49
SSDEEP

49152:m0tu52BFGSq465jEAE7nHNujk5KmmRZR09dCu/tnRKShKg2Ag:m0UYtP6ont5DmROdp1nQ89dg

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a890ba07883c905f6769df4bc6e4303ae6673e932ce870e86a6ae8d730439030
- Size
  
  2.3MB
- MD5
  
  5ef0c7bb541963f3d65be996fe46509a
- SHA1
  
  eb80a5219de04c56ba6676c143e4eaa9a819d3e8
- SHA256
  
  a890ba07883c905f6769df4bc6e4303ae6673e932ce870e86a6ae8d730439030
- SHA512
  
  57859f7a1fcf05b1e4fc051c340c7844b33f64bf2508889ebf3e830505b00edbeeb849ecafa1896f67632450d278ec57bef21967242b2716ab4c5c99280e9b49
- SSDEEP
  
  49152:m0tu52BFGSq465jEAE7nHNujk5KmmRZR09dCu/tnRKShKg2Ag:m0UYtP6ont5DmROdp1nQ89dg
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2