bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c | Triage

Sharing

General

Target

Backdoor.Win32.Shark.gfc-bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c
Size

305KB
Sample

240229-hqs2bshf2t
MD5

5ff4b7f5334e8c4d1f6eefe5a0af1ff6
SHA1

1c65c72416a31fda76d6d824f8e739f8b24c40ea
SHA256

bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c
SHA512

8fa34cdbc48b06131cd0d24bc337dce4498f0134c81fef44a81f16ee473104cf79a880d0499415c740941ff02ccdcd428ea2172f6156d23f6fb020b8dc21dde2
SSDEEP

6144:zdZOSoyCVuqaGqqCG6K3SidwlBUov2GBxgGNkVsuaRaU6mHG:pIx0UEHgA0aRz6mHG

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Backdoor.Win32.Shark.gfc-bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c
- Size
  
  305KB
- MD5
  
  5ff4b7f5334e8c4d1f6eefe5a0af1ff6
- SHA1
  
  1c65c72416a31fda76d6d824f8e739f8b24c40ea
- SHA256
  
  bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c
- SHA512
  
  8fa34cdbc48b06131cd0d24bc337dce4498f0134c81fef44a81f16ee473104cf79a880d0499415c740941ff02ccdcd428ea2172f6156d23f6fb020b8dc21dde2
- SSDEEP
  
  6144:zdZOSoyCVuqaGqqCG6K3SidwlBUov2GBxgGNkVsuaRaU6mHG:pIx0UEHgA0aRz6mHG
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2