2dd9a65c3f6b730eb7903576dbc8221e15d105e6d90f31078342b4ab0ab5c3e3 | Triage

Sharing

General

Target

m (2).zip
Size

107.8MB
Sample

230203-2a3elsbe25
MD5

d0ef2aed876ae1a0b5514516c02e0dd2
SHA1

72578b8a9ae60ce0417cccfdeb8a2f7e271cb612
SHA256

2dd9a65c3f6b730eb7903576dbc8221e15d105e6d90f31078342b4ab0ab5c3e3
SHA512

00d2d184cbc6e8252f9297ba83fb18fc58ca544055b960332f73f10c3c60eb966d90536ce6d245fd8b4e372f4dfde01960b3090c3006f6284272750bce2c410c
SSDEEP

3145728:23X10rmEDmcdmUgU4ChmOIEpvJpsf/arPsUcRIo:2VY3phdhdkfiPsUcp

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  m/MSVCR100.dll
- Size
  
  755KB
- MD5
  
  bf38660a9125935658cfa3e53fdc7d65
- SHA1
  
  0b51fb415ec89848f339f8989d323bea722bfd70
- SHA256
  
  60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
- SHA512
  
  25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
- SSDEEP
  
  12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
Score

3^/10
behavioral1 behavioral2
- Target
  
  m/WebView2Loader.dll
- Size
  
  105KB
- MD5
  
  61e6b94ab6109254fbef360681f5b80d
- SHA1
  
  204a5eda5fea33a56edb33b9ccd40af635a04564
- SHA256
  
  446b4d19ed8fa1563b77a7f36261b76911b208af1d00a805d54e44b01ca3f54a
- SHA512
  
  93fad29f13c0a18e4864ddf57aeba882fb411b84f6dff993b87295a1b5e4b488433802c2150fbf25a3132379dc2eb3aa02d836059b0ef24a2db4269eb0795a9b
- SSDEEP
  
  3072:iTC3F6JkULenwAFqz5pV3+Zqocv0T+EtO5pf+gMl/1:iuV66kL5pjxEtqpWRl/1
Score

3^/10
behavioral3 behavioral4
- Target
  
  m/exe.png
- Size
  
  872KB
- MD5
  
  c56b5f0201a3b3de53e561fe76912bfd
- SHA1
  
  2a4062e10a5de813f5688221dbeb3f3ff33eb417
- SHA256
  
  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- SHA512
  
  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
- SSDEEP
  
  12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Score

3^/10
behavioral5 behavioral6
- Target
  
  m/i7.exe
- Size
  
  15KB
- MD5
  
  4afcab972e98ecbf855f915b2739f508
- SHA1
  
  615dc2fa827fab39e16a7e9721f484e7f4d34f8e
- SHA256
  
  7cc34a5423bd3fc9fa63d20ebece4103e22e4360df5b9caa2b461069dac77f4d
- SHA512
  
  58258f74d7e35c5a83234a98bc033846be5a65146bd992e738a8678706a18c30759bd405fbb30a296181e2f92acb0219df8979030cc45d1cdec6ac06e8bc00d5
- SSDEEP
  
  384:Gpsx5cnV21mSHhV8b+lee84SzFnYPLr7aq:GpscnfS/8KUe8jC7aq
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8
- Target
  
  m/jli.dll
- Size
  
  3.0MB
- MD5
  
  d191f6fb9b857ef9582d9cef384ada76
- SHA1
  
  6e56365832f0720aaebcb1c95e078a33693dd7fc
- SHA256
  
  3ff68c4ffe42d93d56ecaefba28c30a39ba1a7dd1a3c7f20c598b554a1963752
- SHA512
  
  1e01a707a90228ec872257100da5b1dfa6707dbe20ec5fc3302d8c07279e282f3cdddcd2c2c65117abee9273d1ea90375eb2017046acf1a2a607195cc8b673ec
- SSDEEP
  
  49152:BJuGduLQN+BbS52nGzzk1kO7QOifwbQ/ROuGxSZc5Lb:+G0MLzDOBifw9F
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

discoverypersistence

behavioral9

behavioral10