a67d1664609e9edc2d9e2f6f0358e0f5b3c7ab1c08df606c9edc4ee1410482ab | Triage

Sharing

General

Target

AutomaticUpdate.exe
Size

3.5MB
Sample

240224-v5cn4sad51
MD5

19b286af0b303d7f2472e9aa9973ef36
SHA1

22cf14cb99623cd054fed2a5630a2017d97d6504
SHA256

a67d1664609e9edc2d9e2f6f0358e0f5b3c7ab1c08df606c9edc4ee1410482ab
SHA512

455519fac5999f4c18cb360d10316396a0a3b4b7701d7d9e63b52af0b71f04679e1ab6f2cb9b1c779a0b9287aadc38635240d9126f0cd04177add9ba37295b11
SSDEEP

98304:Bycnxo1IEkH9d8oBUip0KMwvUfll8ccnx228C:ZQIEsnzO/MU92nb8C

Score

8^/10

Malware Config

Targets

- Target
  
  AutomaticUpdate.exe
- Size
  
  3.5MB
- MD5
  
  19b286af0b303d7f2472e9aa9973ef36
- SHA1
  
  22cf14cb99623cd054fed2a5630a2017d97d6504
- SHA256
  
  a67d1664609e9edc2d9e2f6f0358e0f5b3c7ab1c08df606c9edc4ee1410482ab
- SHA512
  
  455519fac5999f4c18cb360d10316396a0a3b4b7701d7d9e63b52af0b71f04679e1ab6f2cb9b1c779a0b9287aadc38635240d9126f0cd04177add9ba37295b11
- SSDEEP
  
  98304:Bycnxo1IEkH9d8oBUip0KMwvUfll8ccnx228C:ZQIEsnzO/MU92nb8C
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2