e46615f5b0889ce0e5ad823d3d9ac0cb096765ce42c57d48ab33a85d341ad1e0 | Triage

Sharing

General

Target

8c715b595c817d0329225d6ac38f589c
Size

1.4MB
Sample

240203-qrjhaacgcq
MD5

8c715b595c817d0329225d6ac38f589c
SHA1

7f4fd357056b846cf0ba7d27af3b9cbb59f18fa9
SHA256

e46615f5b0889ce0e5ad823d3d9ac0cb096765ce42c57d48ab33a85d341ad1e0
SHA512

9da7288367be001fd951335841d8ded0d1bcf41c15a41dae521cf28c30bfd080121f7899885bca06dd34f2679dd9d94d521a147ca482d1cf52a6c9c68f27c9e4
SSDEEP

24576:wL0mqdRkD33/hnheiisfPxREPu3sjleyqULE1XOu6JPX3Jmj:wolODnreAfJREze7/XOdpnU

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8c715b595c817d0329225d6ac38f589c
- Size
  
  1.4MB
- MD5
  
  8c715b595c817d0329225d6ac38f589c
- SHA1
  
  7f4fd357056b846cf0ba7d27af3b9cbb59f18fa9
- SHA256
  
  e46615f5b0889ce0e5ad823d3d9ac0cb096765ce42c57d48ab33a85d341ad1e0
- SHA512
  
  9da7288367be001fd951335841d8ded0d1bcf41c15a41dae521cf28c30bfd080121f7899885bca06dd34f2679dd9d94d521a147ca482d1cf52a6c9c68f27c9e4
- SSDEEP
  
  24576:wL0mqdRkD33/hnheiisfPxREPu3sjleyqULE1XOu6JPX3Jmj:wolODnreAfJREze7/XOdpnU
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2