d512d4dfff3ff99cf39176b37069b86e72b97432dbd604b70c8720461a23bf10 | Triage

Sharing

General

Target

d512d4dfff3ff99cf39176b37069b86e72b97432dbd604b70c8720461a23bf10
Size

134KB
Sample

230831-wl2pkagh2w
MD5

9ef642f586807db3d6fea16159162463
SHA1

3d8155ad5c297e0aab5072204c8ba60b2c541639
SHA256

d512d4dfff3ff99cf39176b37069b86e72b97432dbd604b70c8720461a23bf10
SHA512

52432aca3d61b75b424f3ee7a1f4ecbeee3772b2608400a359b62bdcc7b5c1a577ae4e94885c640fdca19f1de735a2188662077661c1780adb2416601f9b7358
SSDEEP

3072:c4IF+Oq3KGsUOh8VWjQYRwuZRm4eW0I1P3p9WYQ9CWPFQLKvj10:cHFxnUOhuWJwuG+fHFQ9C4F7vm

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  svchost/svchost.exe
- Size
  
  268KB
- MD5
  
  43d08c0cf431e081e4b85515f8ed6e56
- SHA1
  
  980b13a9fbf712a80b45444dc63f9b95a8e2f4bc
- SHA256
  
  4f77019c9028fe94ff2995127578c40685b57ad4181cfd16c08a736e4a9cded2
- SHA512
  
  5d672c19aa02a09b8ecd5f59b421cb9399eca2a45982e0ef87e4fcedcacd67b200c8f9c6582e93c5285dcc2f5257e200d4e812c51ade165491986d36719a1293
- SSDEEP
  
  6144:Ta53bJhs0W69hd1MMdxPe9N9uA0Fu9TBAwzVgBxpyuDMk2kcVef+gKP3v:O1bjXFu9Tu8fd7/
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2