41e83663556509ff4798475d93351d6d6c5b115d915287e119ff424628dd6031 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b5becb746e18f1e179acb31a9c2f24f
Size

71KB
Sample

231230-cqkr3ache9
MD5

0b5becb746e18f1e179acb31a9c2f24f
SHA1

2d43311902814d62b4d18203dd10d21e8050f8a6
SHA256

41e83663556509ff4798475d93351d6d6c5b115d915287e119ff424628dd6031
SHA512

8c1ea8514f91d0739d66d4ecca986412577a5b9b5905c96316303fe166f6c8701992757e90af28b66a503326d34c4f3ebac92bf261d4cb6c5e7a00e520058de4
SSDEEP

1536:EEJv67OKCgIRt3mOmKReQ5GJE11koYFHmfFa1wfBObp3Kp9uSYrLPLGjFnX:EEpiTKt2OVRewbrHYRmfA1wfBOKruSG0

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  0b5becb746e18f1e179acb31a9c2f24f
- Size
  
  71KB
- MD5
  
  0b5becb746e18f1e179acb31a9c2f24f
- SHA1
  
  2d43311902814d62b4d18203dd10d21e8050f8a6
- SHA256
  
  41e83663556509ff4798475d93351d6d6c5b115d915287e119ff424628dd6031
- SHA512
  
  8c1ea8514f91d0739d66d4ecca986412577a5b9b5905c96316303fe166f6c8701992757e90af28b66a503326d34c4f3ebac92bf261d4cb6c5e7a00e520058de4
- SSDEEP
  
  1536:EEJv67OKCgIRt3mOmKReQ5GJE11koYFHmfFa1wfBObp3Kp9uSYrLPLGjFnX:EEpiTKt2OVRewbrHYRmfA1wfBOKruSG0
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2