fca8047c1c621b6b2678a8ea6f2717e4914be22a3e091a6b04584e48e5da9487 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6c496f1d2f528ff18b4d6e2027a747a
Size

17KB
Sample

231222-refrashde9
MD5

b6c496f1d2f528ff18b4d6e2027a747a
SHA1

9fc62b43fb40f90a7be355cf4cc99f16eedfebfc
SHA256

fca8047c1c621b6b2678a8ea6f2717e4914be22a3e091a6b04584e48e5da9487
SHA512

bbbcb6b92f88bc4bb2fe7212fca30af06c5a98d33488776db7c911c67f7e82bb924e41f33b1eae342a62b6b1da458fa2545fc1d7be703f95cbfef4d58eba69de
SSDEEP

384:JFub/Ng3cmZO2Zp+Nye8pqrmub8TyztsDN:Jwxg3oKK8o8TyJc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b6c496f1d2f528ff18b4d6e2027a747a
- Size
  
  17KB
- MD5
  
  b6c496f1d2f528ff18b4d6e2027a747a
- SHA1
  
  9fc62b43fb40f90a7be355cf4cc99f16eedfebfc
- SHA256
  
  fca8047c1c621b6b2678a8ea6f2717e4914be22a3e091a6b04584e48e5da9487
- SHA512
  
  bbbcb6b92f88bc4bb2fe7212fca30af06c5a98d33488776db7c911c67f7e82bb924e41f33b1eae342a62b6b1da458fa2545fc1d7be703f95cbfef4d58eba69de
- SSDEEP
  
  384:JFub/Ng3cmZO2Zp+Nye8pqrmub8TyztsDN:Jwxg3oKK8o8TyJc
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2