e5b13427e4b32697363139c741aae505aea4029f16d500d4b93cfddcd4e4c05e | Triage

Resubmissions

22-02-2023 10:59

230222-m3twlsba32 1

21-02-2023 17:57

230221-wjyvwsfg66 10

Sharing

General

Target

winrar-x64-621d.exe
Size

3.6MB
Sample

230221-wjyvwsfg66
MD5

2ea8bf1895df09f82a4c2aea3c3db68b
SHA1

29edf8f6f379a0bb91ebf8aedc82709a8e7ad91f
SHA256

e5b13427e4b32697363139c741aae505aea4029f16d500d4b93cfddcd4e4c05e
SHA512

34b985f193166c27e8f9e947184d35c7814f7f0a7b5e2e83e8706bab204817882ed450ea5619ad5036bfa0638a518bb23dd301a8885d8690d7781a84d69f2ba2
SSDEEP

98304:eXBOBfKZt4UEAHiCf8zCgsUhG3qZocPI3c:eX/Zt4bWf5EG3q1V

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  winrar-x64-621d.exe
- Size
  
  3.6MB
- MD5
  
  2ea8bf1895df09f82a4c2aea3c3db68b
- SHA1
  
  29edf8f6f379a0bb91ebf8aedc82709a8e7ad91f
- SHA256
  
  e5b13427e4b32697363139c741aae505aea4029f16d500d4b93cfddcd4e4c05e
- SHA512
  
  34b985f193166c27e8f9e947184d35c7814f7f0a7b5e2e83e8706bab204817882ed450ea5619ad5036bfa0638a518bb23dd301a8885d8690d7781a84d69f2ba2
- SSDEEP
  
  98304:eXBOBfKZt4UEAHiCf8zCgsUhG3qZocPI3c:eX/Zt4bWf5EG3q1V
Score

10^/10

discovery persistence
- Modifies system executable filetype association
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence