629d7370d0c761234400ce6cd65eef3e1b974df6129e6e3bc7158a1d3ab9a3d0 | Triage

Sharing

General

Target

36bdda43e73997a8cf45bb551d74a351
Size

113KB
Sample

231225-xs1lhsaea7
MD5

36bdda43e73997a8cf45bb551d74a351
SHA1

b343cc61e39d7cfd27bd4d081c807f37522a5531
SHA256

629d7370d0c761234400ce6cd65eef3e1b974df6129e6e3bc7158a1d3ab9a3d0
SHA512

b9bb0f8a53e556684c29c3d578276d0384ee15aaf507a6dc76018c8f8da26f778bd265422565519d2a2b0535c0f22993ea774e46674f0f7da42705986e532504
SSDEEP

3072:aCU63Qs3SnhpLYTXPWXWT7QBTG3EUm9y9UFADUZD19:OeOZmiWEUmY9U6Di

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  36bdda43e73997a8cf45bb551d74a351
- Size
  
  113KB
- MD5
  
  36bdda43e73997a8cf45bb551d74a351
- SHA1
  
  b343cc61e39d7cfd27bd4d081c807f37522a5531
- SHA256
  
  629d7370d0c761234400ce6cd65eef3e1b974df6129e6e3bc7158a1d3ab9a3d0
- SHA512
  
  b9bb0f8a53e556684c29c3d578276d0384ee15aaf507a6dc76018c8f8da26f778bd265422565519d2a2b0535c0f22993ea774e46674f0f7da42705986e532504
- SSDEEP
  
  3072:aCU63Qs3SnhpLYTXPWXWT7QBTG3EUm9y9UFADUZD19:OeOZmiWEUmY9U6Di
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2