76d658bfc9ccc2e74cd4e4ef834506828072c49db03cac869f3b7d4146391335 | Triage

Sharing

General

Target

socks5-clean.exe
Size

268KB
Sample

230630-pmdkssbb66
MD5

21eaa1da67a8d9f3b76b4a63a1da1442
SHA1

677a156ca20cabf46fce1085e8743344ce075e9f
SHA256

76d658bfc9ccc2e74cd4e4ef834506828072c49db03cac869f3b7d4146391335
SHA512

f031d2746248b956246f2addc433160f1e677bb313e27eba33c6f0f3bccb7c2d7a2a0f9ef6e5474f867a57067c1ae06767e2fd9dd575618397cfc0997a2f43d1
SSDEEP

3072:GpUWWln1EUWTQG9VnK+DMEMrvk1imdV8hXYKWF9j85WXuNSrq1k9jhQR8+t4Hk9q:g61E/QSnxoEMTlXEulock9X+t40VMeY

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  socks5-clean.exe
- Size
  
  268KB
- MD5
  
  21eaa1da67a8d9f3b76b4a63a1da1442
- SHA1
  
  677a156ca20cabf46fce1085e8743344ce075e9f
- SHA256
  
  76d658bfc9ccc2e74cd4e4ef834506828072c49db03cac869f3b7d4146391335
- SHA512
  
  f031d2746248b956246f2addc433160f1e677bb313e27eba33c6f0f3bccb7c2d7a2a0f9ef6e5474f867a57067c1ae06767e2fd9dd575618397cfc0997a2f43d1
- SSDEEP
  
  3072:GpUWWln1EUWTQG9VnK+DMEMrvk1imdV8hXYKWF9j85WXuNSrq1k9jhQR8+t4Hk9q:g61E/QSnxoEMTlXEulock9X+t40VMeY
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2