c7dd78efea30251ec8a5dc9d5ff5ba92dae3771fb4c9cfb0f44a23bdabcaad52 | Triage

Sharing

General

Target

c7dd78efea30251ec8a5dc9d5ff5ba92dae3771fb4c9cfb0f44a23bdabcaad52
Size

6KB
Sample

230131-j3evxahc7v
MD5

771d211ebe7494a139f2b76fbe7c3704
SHA1

ce312d13a9962bc458d7dbd226ec30c002b1eaba
SHA256

c7dd78efea30251ec8a5dc9d5ff5ba92dae3771fb4c9cfb0f44a23bdabcaad52
SHA512

9ecbbe1f39549dc8b9c33e1cdd1d1de1629dac5fe0911199490b31acac416b7ebf930f6a84abc6bc0f8bb6b09169aaf2ea4cd6515358943807bb125ac93366cb
SSDEEP

96:tw79nOCF/dd7tBfvk+F6AYxsOvk+FUnUvfd3ojqrl:tW9ndFld77vkAYdvkzMfdd

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  c7dd78efea30251ec8a5dc9d5ff5ba92dae3771fb4c9cfb0f44a23bdabcaad52
- Size
  
  6KB
- MD5
  
  771d211ebe7494a139f2b76fbe7c3704
- SHA1
  
  ce312d13a9962bc458d7dbd226ec30c002b1eaba
- SHA256
  
  c7dd78efea30251ec8a5dc9d5ff5ba92dae3771fb4c9cfb0f44a23bdabcaad52
- SHA512
  
  9ecbbe1f39549dc8b9c33e1cdd1d1de1629dac5fe0911199490b31acac416b7ebf930f6a84abc6bc0f8bb6b09169aaf2ea4cd6515358943807bb125ac93366cb
- SSDEEP
  
  96:tw79nOCF/dd7tBfvk+F6AYxsOvk+FUnUvfd3ojqrl:tW9ndFld77vkAYdvkzMfdd
Score

8^/10

persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1