1acba9d66e3167c54274b64378834ee6798b37b2ff4066dbec1aa63698c163c5 | Triage

Sharing

General

Target

13799937684.zip
Size

85KB
Sample

231222-kxylhagah3
MD5

97877b1419184a5a802ae68de4d3873a
SHA1

8b788edb6d680ccbb53e743e9e6ecf789c5024ee
SHA256

1acba9d66e3167c54274b64378834ee6798b37b2ff4066dbec1aa63698c163c5
SHA512

0b6260c049a5a39b8c8c203303c4c9af7cde4314322c3a5c41a94f75489f6b3cff80cf1cba739365da60a6742a98fa4abff4bf7210df2ca646b7cad996606e8e
SSDEEP

1536:pr3PW7Q78avEoFPn7M1Z9F4ILZYn1Bx8IOEO+hx5Qqm7lbL2d9Y34EpY8h94:pbPkavEoFPo9+9y3Ef4qmRbWYIEpZh94

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  b78b162232ed3eb495de8fc553e32cf93098ca9bca17ee791956555b5042b72c
- Size
  
  157KB
- MD5
  
  7c711ea527dece150c377ba6ea303173
- SHA1
  
  3624262b051b9a570c150ade6826dc6c2dfd5b2c
- SHA256
  
  b78b162232ed3eb495de8fc553e32cf93098ca9bca17ee791956555b5042b72c
- SHA512
  
  d584d98545f087957c2c2f17b03c6ca4848923bd6fb51363600cd0ca846e8b75ffdf5b77fb028dd3a82abd95c84e4746e226f38050143cb21623763065819b38
- SSDEEP
  
  3072:/PjIFolBu5vM1B93DFv+eGBtlTNzydaC8zHYHHJWaW1e0jj5R13pMjub:XMFoauzzHGBtlJ8aYsaQjyub
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2