18cf2ec90e51d778b8e375ee652cb1be2641a0277767ae9a06e5814c98e5cac3 | Triage

Sharing

General

Target

18cf2ec90e51d778b8e375ee652cb1be2641a0277767ae9a06e5814c98e5cac3
Size

1.0MB
Sample

221207-bhrpzabc74
MD5

5b6c66e563d58f109037893a00ec2597
SHA1

ce6305c94ab8a67ec6fac0e27fddf22c96a0e550
SHA256

18cf2ec90e51d778b8e375ee652cb1be2641a0277767ae9a06e5814c98e5cac3
SHA512

36b56994424b2d15690b681eae89d70618bf8905731c22ad647e566ba450172b5c9f543c38addb80b32ce350ca8ba0494ab4fafb1294cbd7582135cb4d77526d
SSDEEP

12288:oP97VMS8Btcq58JYuQmRR2geC/nEXn0vVybfitBZLr:SxVb83cq5wQmRQgeCvc0vVsiTLr

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  18cf2ec90e51d778b8e375ee652cb1be2641a0277767ae9a06e5814c98e5cac3
- Size
  
  1.0MB
- MD5
  
  5b6c66e563d58f109037893a00ec2597
- SHA1
  
  ce6305c94ab8a67ec6fac0e27fddf22c96a0e550
- SHA256
  
  18cf2ec90e51d778b8e375ee652cb1be2641a0277767ae9a06e5814c98e5cac3
- SHA512
  
  36b56994424b2d15690b681eae89d70618bf8905731c22ad647e566ba450172b5c9f543c38addb80b32ce350ca8ba0494ab4fafb1294cbd7582135cb4d77526d
- SSDEEP
  
  12288:oP97VMS8Btcq58JYuQmRR2geC/nEXn0vVybfitBZLr:SxVb83cq5wQmRQgeCvc0vVsiTLr
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2