2bcda1b7bb6bbf3e07c9a2fc96c27b10d9fe6a201c38864f8bf192d2a1caf9a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfaf83fa1706eb0110428b8f204d4836
Size

757KB
Sample

231222-s7lzfsbbcn
MD5

dfaf83fa1706eb0110428b8f204d4836
SHA1

526d198a8ab98a9662085c3bfd8089a5b61c1655
SHA256

2bcda1b7bb6bbf3e07c9a2fc96c27b10d9fe6a201c38864f8bf192d2a1caf9a4
SHA512

7c40180afaa80b6c26624831e25d7ef93264c832598c02efe9c3e0c1b038b22d78f6174fe08086d3817506b34c2a15eccb81ff4fb9756016cdd93fca045e2920
SSDEEP

12288:vRzxP1NWt5LZMo6p1PJ7egEK44WjJZevRbS2IWJlRyR0wut3JVyrbDO6WZr+GSPV:vZx+dZH6p1R7egEAW7e9zIWJHy6ntSrH

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  dfaf83fa1706eb0110428b8f204d4836
- Size
  
  757KB
- MD5
  
  dfaf83fa1706eb0110428b8f204d4836
- SHA1
  
  526d198a8ab98a9662085c3bfd8089a5b61c1655
- SHA256
  
  2bcda1b7bb6bbf3e07c9a2fc96c27b10d9fe6a201c38864f8bf192d2a1caf9a4
- SHA512
  
  7c40180afaa80b6c26624831e25d7ef93264c832598c02efe9c3e0c1b038b22d78f6174fe08086d3817506b34c2a15eccb81ff4fb9756016cdd93fca045e2920
- SSDEEP
  
  12288:vRzxP1NWt5LZMo6p1PJ7egEK44WjJZevRbS2IWJlRyR0wut3JVyrbDO6WZr+GSPV:vZx+dZH6p1R7egEAW7e9zIWJHy6ntSrH
Score

1^/10
behavioral1 behavioral2
- Target
  
  DATA.scr
- Size
  
  889KB
- MD5
  
  29edd2fbedcfd056c4227eb762de516e
- SHA1
  
  01053aff28fc7ae32d9800b676d79828e18cb75f
- SHA256
  
  462a637a40d4a1b00fb846ac7c4dea44a2a66bef583e69423f7ad5c12c34a8ef
- SHA512
  
  f1faa29fb5ab51dd9de94a53ec0496a65bee302f2da2b7d596685e7a26ed6768040589ead8fcd274ccabf78352bf671ae045a836a0f34c38017ce2c79c6a18e5
- SSDEEP
  
  24576:BX48QE+U/hHKp3TN0gEkIdO9DIWJH+OndSrW6WZr+GSPwx5b:BXz+wHKn0kIEBJeY+56pSPS
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoverypersistence

behavioral4

discoverypersistence