ce6abe055604dd9ecf00f16270f702cf5cde0937321213c458af03cc12e3331c | Triage

Sharing

General

Target

4fd19e172f2d1b6bd0f7406b89a55e73
Size

187KB
Sample

240110-g47wzaacam
MD5

4fd19e172f2d1b6bd0f7406b89a55e73
SHA1

a068836eb57ecbf80dc407f385e55fa79edc1494
SHA256

ce6abe055604dd9ecf00f16270f702cf5cde0937321213c458af03cc12e3331c
SHA512

0c45494d1b5698c9c19831cbab24b8924b3b5a5ffb325fdb7c55c3892e5c11304288c2aa76f27a0d76cc6f56a710c24bb2af13219d3ea3d29eca49a4a35d7150
SSDEEP

3072:DNdo5/O8yhtFKGnWkkJRrbXjDb7bDl3wDzTKFhe0y2/RXLU99q:xlrhtFKGWrbXjPAzTKFN9pXD

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4fd19e172f2d1b6bd0f7406b89a55e73
- Size
  
  187KB
- MD5
  
  4fd19e172f2d1b6bd0f7406b89a55e73
- SHA1
  
  a068836eb57ecbf80dc407f385e55fa79edc1494
- SHA256
  
  ce6abe055604dd9ecf00f16270f702cf5cde0937321213c458af03cc12e3331c
- SHA512
  
  0c45494d1b5698c9c19831cbab24b8924b3b5a5ffb325fdb7c55c3892e5c11304288c2aa76f27a0d76cc6f56a710c24bb2af13219d3ea3d29eca49a4a35d7150
- SSDEEP
  
  3072:DNdo5/O8yhtFKGnWkkJRrbXjDb7bDl3wDzTKFhe0y2/RXLU99q:xlrhtFKGWrbXjPAzTKFN9pXD
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2