61d6e04a4c8036d541f73c610fe5bc5a5ed88796ebe0d370365a726bb3738bc7 | Triage

Sharing

General

Target

1f84ec84621283bf01c6f15ad68f6459
Size

424KB
Sample

231230-25myeaccc2
MD5

1f84ec84621283bf01c6f15ad68f6459
SHA1

0e71b2a2e088e864593b8b480094ee6fde18fec8
SHA256

61d6e04a4c8036d541f73c610fe5bc5a5ed88796ebe0d370365a726bb3738bc7
SHA512

b7ae088bca2202480dd7f36836b13e8cb1c1ff5d21c1a71a8d75e62c1a234d837fce2e35dfa00991a79c1051e68c1969f39f77927ce9d49162cc24e69f6b574b
SSDEEP

12288:b4K95B0cRt95RLHpr59Ct6s9eG4Rh8R1uxZbhP7:kk5icRtTJHp60jhii

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  1f84ec84621283bf01c6f15ad68f6459
- Size
  
  424KB
- MD5
  
  1f84ec84621283bf01c6f15ad68f6459
- SHA1
  
  0e71b2a2e088e864593b8b480094ee6fde18fec8
- SHA256
  
  61d6e04a4c8036d541f73c610fe5bc5a5ed88796ebe0d370365a726bb3738bc7
- SHA512
  
  b7ae088bca2202480dd7f36836b13e8cb1c1ff5d21c1a71a8d75e62c1a234d837fce2e35dfa00991a79c1051e68c1969f39f77927ce9d49162cc24e69f6b574b
- SSDEEP
  
  12288:b4K95B0cRt95RLHpr59Ct6s9eG4Rh8R1uxZbhP7:kk5icRtTJHp60jhii
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2