54f04d6c4766eae6428494604c320c071b7981a6c236f457904c9c79d5a88c96 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1a9a9bfab40e1c6929aaa5d48cad68c.bin
Size

118KB
Sample

240313-czjalacd26
MD5

c1a9a9bfab40e1c6929aaa5d48cad68c
SHA1

41772b810e3d27f0ed6d18e1de0c70939a95e04e
SHA256

54f04d6c4766eae6428494604c320c071b7981a6c236f457904c9c79d5a88c96
SHA512

f88493ceea94c18906f6c9007b72b96866f1166ab548336aa5157e0c832d0a49b47c3cbcae5dc45cb1c6f5bb6e8b439787509e6223c6f270115381c5a8ccf2e0
SSDEEP

3072:UPfJ/VZWdAUjdxjZrVyu8YT+5KPn6l3FVDE6WVvS:UPfJ/+AUhxlr0+ScSl1W6MvS

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  c1a9a9bfab40e1c6929aaa5d48cad68c.bin
- Size
  
  118KB
- MD5
  
  c1a9a9bfab40e1c6929aaa5d48cad68c
- SHA1
  
  41772b810e3d27f0ed6d18e1de0c70939a95e04e
- SHA256
  
  54f04d6c4766eae6428494604c320c071b7981a6c236f457904c9c79d5a88c96
- SHA512
  
  f88493ceea94c18906f6c9007b72b96866f1166ab548336aa5157e0c832d0a49b47c3cbcae5dc45cb1c6f5bb6e8b439787509e6223c6f270115381c5a8ccf2e0
- SSDEEP
  
  3072:UPfJ/VZWdAUjdxjZrVyu8YT+5KPn6l3FVDE6WVvS:UPfJ/+AUhxlr0+ScSl1W6MvS
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2