98525410d2059eb66f65d122bbe2707df649674bd8c03a9fb99318ca4e16cc95 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39231f93704a3efb5b04867ff8fd187f
Size

70KB
Sample

231231-rd6w4aaecm
MD5

39231f93704a3efb5b04867ff8fd187f
SHA1

a6366eaa1c8e154ad9e20b8dd1b9c3af73f8be1a
SHA256

98525410d2059eb66f65d122bbe2707df649674bd8c03a9fb99318ca4e16cc95
SHA512

362720a794d534df47a236be71c2905de92cab5bbc2117657c2178be6cb905c746f84cfeadc2c3af657c640b3511fc9a2df7cc6db8f2c475809c04b51364b4a2
SSDEEP

1536:p3l95/TQp85RyxbhyUkADu7+INr6vRWPXBae:p3T5qA2BkADudx6vRWPXBa

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  39231f93704a3efb5b04867ff8fd187f
- Size
  
  70KB
- MD5
  
  39231f93704a3efb5b04867ff8fd187f
- SHA1
  
  a6366eaa1c8e154ad9e20b8dd1b9c3af73f8be1a
- SHA256
  
  98525410d2059eb66f65d122bbe2707df649674bd8c03a9fb99318ca4e16cc95
- SHA512
  
  362720a794d534df47a236be71c2905de92cab5bbc2117657c2178be6cb905c746f84cfeadc2c3af657c640b3511fc9a2df7cc6db8f2c475809c04b51364b4a2
- SSDEEP
  
  1536:p3l95/TQp85RyxbhyUkADu7+INr6vRWPXBae:p3T5qA2BkADudx6vRWPXBa
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2