554c479dc09b12970f69bf5ab86194236d39a104c868b393b5ed2715c8fe14a4 | Triage

Sharing

General

Target

72f0fb04afcd03dd66fcdd01ddbf6b6d
Size

17KB
Sample

240124-1p3s9ahhhl
MD5

72f0fb04afcd03dd66fcdd01ddbf6b6d
SHA1

36b7a94e290130dadaede95ba588e00f1b1513a2
SHA256

554c479dc09b12970f69bf5ab86194236d39a104c868b393b5ed2715c8fe14a4
SHA512

2ad65f36f1e11f127a4ecfe9bc530817085ab335f6cf08452efbf3fe76b61852049828b97f7691a2a1cda13437edf47da627aedf9e58f52f626b88e32ef3f088
SSDEEP

384:4FvfCqfhfcmZO2Zp+Nye8pqrmub8TyztsDN:4lfdhfoKK8o8TyJc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  72f0fb04afcd03dd66fcdd01ddbf6b6d
- Size
  
  17KB
- MD5
  
  72f0fb04afcd03dd66fcdd01ddbf6b6d
- SHA1
  
  36b7a94e290130dadaede95ba588e00f1b1513a2
- SHA256
  
  554c479dc09b12970f69bf5ab86194236d39a104c868b393b5ed2715c8fe14a4
- SHA512
  
  2ad65f36f1e11f127a4ecfe9bc530817085ab335f6cf08452efbf3fe76b61852049828b97f7691a2a1cda13437edf47da627aedf9e58f52f626b88e32ef3f088
- SSDEEP
  
  384:4FvfCqfhfcmZO2Zp+Nye8pqrmub8TyztsDN:4lfdhfoKK8o8TyJc
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2