e082740894e8f3a755e8bad76e02aec09af35d3d129e8620c5c29ff847124059 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e082740894e8f3a755e8bad76e02aec09af35d3d129e8620c5c29ff847124059
Size

248KB
Sample

230113-gxmmfsad8t
MD5

758af0d15522dbc905e2ce91fff4d394
SHA1

2f62d64aebee525415e7911977ae3824bc2ae12e
SHA256

e082740894e8f3a755e8bad76e02aec09af35d3d129e8620c5c29ff847124059
SHA512

6d3a1961751464bc9ee325b4dac9d87fc894959a43d15a75d25b0ee32d6a814b53a2c98034c544bd3bd8aeeda49cbb43de5bd3fd7dea417ee6ed023d1f74ecbd
SSDEEP

3072:8lCDqsuLBe6J8bQzorFB4xOPkuZajIRX60000VuyoP:eCxeBfuQ8sW60000VZoP

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e082740894e8f3a755e8bad76e02aec09af35d3d129e8620c5c29ff847124059
- Size
  
  248KB
- MD5
  
  758af0d15522dbc905e2ce91fff4d394
- SHA1
  
  2f62d64aebee525415e7911977ae3824bc2ae12e
- SHA256
  
  e082740894e8f3a755e8bad76e02aec09af35d3d129e8620c5c29ff847124059
- SHA512
  
  6d3a1961751464bc9ee325b4dac9d87fc894959a43d15a75d25b0ee32d6a814b53a2c98034c544bd3bd8aeeda49cbb43de5bd3fd7dea417ee6ed023d1f74ecbd
- SSDEEP
  
  3072:8lCDqsuLBe6J8bQzorFB4xOPkuZajIRX60000VuyoP:eCxeBfuQ8sW60000VZoP
Score

8^/10

evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence