c0036195bb7a23e6800420c46fad86725bf7a1a4da24c688dde304f8e42674d1 | Triage

Resubmissions

23/10/2023, 12:19

231023-phhnysae25 7

12/01/2023, 07:49

230112-jnz8asfe24 7

Sharing

Copy URL Twitter E-mail

General

Target

c0036195bb7a23e6800420c46fad86725bf7a1a4da24c688dde304f8e42674d1
Size

2.2MB
Sample

231023-phhnysae25
MD5

edcd5ff1c2af9451405d430052c60660
SHA1

a55ac633303713c61b0dd475bba409e00640d739
SHA256

c0036195bb7a23e6800420c46fad86725bf7a1a4da24c688dde304f8e42674d1
SHA512

1e85cf10e05cce9744e3861787102e40abbbe593e507365e980db04abd1cbbebe3d3feb26da22221f6c1987cc0665f66328c4d09e2229bf7cf28d95697c78f46
SSDEEP

6144:uImoAFu+OykdGpxysrz5Tjuf9/ddlZi3F23FukA1kAb0rEbrESZU8wFjNHN:FGONdGpxyoljc/d9EM3E790rEbrEz

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Updates on AJEX DAGITPA 2022 on 200900 Oct 22.pdf.exe
- Size
  
  1.8MB
- MD5
  
  7c22121f33af2bad8656ac09300416ee
- SHA1
  
  81852cb9950604eda0918f625c71b0962865db23
- SHA256
  
  3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2
- SHA512
  
  6e3f750326f185a36ae3abdd99efb4adba435767ba5973a2b3fe73403d51806f596129d24a980a24df1b501ed635ecfa2e90a81ec235fc12af04f64306b817e8
- SSDEEP
  
  3072:EMibZuTpOeyp0uTpOMckAKckAGDpA5NlKrss1ywKrss1ySZDvYONDzVFdC5wFVHv:B3F23FukA1kAb0rEbrESZU8wFjNHNI
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2