8f70aa0152bbd4193246f18dbf699fa66354784c721a0de3a6eb3be8bda983d6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa154bf9914dde5a62cacbbea32846c2
Size

154KB
Sample

240227-y9abbsah3v
MD5

aa154bf9914dde5a62cacbbea32846c2
SHA1

d139b6970a4385fdc48134d1c79f89d133088adf
SHA256

8f70aa0152bbd4193246f18dbf699fa66354784c721a0de3a6eb3be8bda983d6
SHA512

4f9dfa01c47323ecac01a46e28f2f61602c4bec182fd1c96d980151b58a2e1c8c55a1ed19128cd112f54ffbaacadb816571f8a0696fca905d5075a951483af77
SSDEEP

3072:+KQOR90TUYyE0DD9p1DDjPrFIrOHXyK93BUAtEu5AyJvtHTkqfg0MPdb/VBNzbA6:+KQOR90AYo1WrOHiKluAGuq0HTtCdb

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  aa154bf9914dde5a62cacbbea32846c2
- Size
  
  154KB
- MD5
  
  aa154bf9914dde5a62cacbbea32846c2
- SHA1
  
  d139b6970a4385fdc48134d1c79f89d133088adf
- SHA256
  
  8f70aa0152bbd4193246f18dbf699fa66354784c721a0de3a6eb3be8bda983d6
- SHA512
  
  4f9dfa01c47323ecac01a46e28f2f61602c4bec182fd1c96d980151b58a2e1c8c55a1ed19128cd112f54ffbaacadb816571f8a0696fca905d5075a951483af77
- SSDEEP
  
  3072:+KQOR90TUYyE0DD9p1DDjPrFIrOHXyK93BUAtEu5AyJvtHTkqfg0MPdb/VBNzbA6:+KQOR90AYo1WrOHiKluAGuq0HTtCdb
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2