3aa3e823244dd3318c5a9ef8416e48367c4b3c382c43b9b345ce477d466960ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c285c9746478274c92788bb7d892efb2
Size

476KB
Sample

240312-fsb5gsbb52
MD5

c285c9746478274c92788bb7d892efb2
SHA1

2623fdba56b5ed97ee97516f81af97491a48a7d0
SHA256

3aa3e823244dd3318c5a9ef8416e48367c4b3c382c43b9b345ce477d466960ae
SHA512

3644e632a5943cbdf310e31d89c006f2c263f0ce87ebce1c77e637a5677ba11aadb3fbbb4ba2fbf94011bb70307d4f78c7433ea66c6e188d93d4cc6aa131941c
SSDEEP

12288:Fp4lI7cmpEY4dMWTNeAvTAhe8FdMnyHcvXKbmv0WbaDa:FpUIQ5RpwQ8he8z0y8vKbab6

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  c285c9746478274c92788bb7d892efb2
- Size
  
  476KB
- MD5
  
  c285c9746478274c92788bb7d892efb2
- SHA1
  
  2623fdba56b5ed97ee97516f81af97491a48a7d0
- SHA256
  
  3aa3e823244dd3318c5a9ef8416e48367c4b3c382c43b9b345ce477d466960ae
- SHA512
  
  3644e632a5943cbdf310e31d89c006f2c263f0ce87ebce1c77e637a5677ba11aadb3fbbb4ba2fbf94011bb70307d4f78c7433ea66c6e188d93d4cc6aa131941c
- SSDEEP
  
  12288:Fp4lI7cmpEY4dMWTNeAvTAhe8FdMnyHcvXKbmv0WbaDa:FpUIQ5RpwQ8he8z0y8vKbab6
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2