efeb1f0f35c12bd55b5f03bd0d56e78ad3b32e450569a879ac323b3efe147573 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WarCrypter.zip
Size

1.5MB
Sample

240129-smyshseahl
MD5

f572147746b8316a732b6d8abf6d0651
SHA1

9e8dc58d6315fbaae6cabc81cafbec791b52390b
SHA256

efeb1f0f35c12bd55b5f03bd0d56e78ad3b32e450569a879ac323b3efe147573
SHA512

dcac43a7cb622db0caae386d2a877e4822a14819adaf60e499cd90d9df0888119abf633bde2163c9cd835d9828d98fb64deaec65fb0178729f9aeeb5cffbca8a
SSDEEP

24576:J+JBxk589/ntGDfMpAuJok/7BOGieAOR8NOOD731FEjU213+Gf0Cmppw6BnSn:Axw+tCGok/MJi8A07cuGEpu6A

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  WarCrypter/WarCrypter.exe
- Size
  
  1.0MB
- MD5
  
  5172e42a4c37c324d1bbde19e2523614
- SHA1
  
  82ad13fa0fa289de0bc39f769ed7aff26fb5c149
- SHA256
  
  d53fa4cccfb68404f07949fa67b230697b2f3e2acec6535d8ce74ed397ef05c6
- SHA512
  
  aadf26baf1e735c55a8fe3cfe68e9053968bc529b1c4b4a70a4441e5cf85d32ed916b5934de5c312d5896d1fab37712e026a8485fe91226428e77d5fbd670697
- SSDEEP
  
  24576:3+kh6t3UREOdw3pDhmuU1ITWxLi68+fEo6VDjZCUB:3KMdwZ1mqH+SVHDB
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1