7d39e2c4a83c12f6da77b6bbbfd3c3f7fc684687857a9ef79cadd5cb5c724084 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

050c3fd5c1fb10d2a2dd1e257aa3f9b3
Size

108KB
Sample

231229-1w181aaacq
MD5

050c3fd5c1fb10d2a2dd1e257aa3f9b3
SHA1

537754e2cca0ed9be382964f4dfbc26e0f397457
SHA256

7d39e2c4a83c12f6da77b6bbbfd3c3f7fc684687857a9ef79cadd5cb5c724084
SHA512

e40a8c91462ad899c840b2eb79b7873690d817336e215cebbe3de294fc6040593c7c5b0abc9e4d9d63e1e86f0029b525d42d17bc8a95cbaab894337b44da5c76
SSDEEP

3072:keUM9mSpXuPIW87/QinPWinRIqOLwTqZxT333:keBgSlKB80Q3RmL46Vn

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  050c3fd5c1fb10d2a2dd1e257aa3f9b3
- Size
  
  108KB
- MD5
  
  050c3fd5c1fb10d2a2dd1e257aa3f9b3
- SHA1
  
  537754e2cca0ed9be382964f4dfbc26e0f397457
- SHA256
  
  7d39e2c4a83c12f6da77b6bbbfd3c3f7fc684687857a9ef79cadd5cb5c724084
- SHA512
  
  e40a8c91462ad899c840b2eb79b7873690d817336e215cebbe3de294fc6040593c7c5b0abc9e4d9d63e1e86f0029b525d42d17bc8a95cbaab894337b44da5c76
- SSDEEP
  
  3072:keUM9mSpXuPIW87/QinPWinRIqOLwTqZxT333:keBgSlKB80Q3RmL46Vn
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2