657087ad03e5e646fcd4cb6bf37ceeed10e951f6b61e899c04e841fc4ae81b4b | Triage

Sharing

General

Target

657087ad03e5e646fcd4cb6bf37ceeed10e951f6b61e899c04e841fc4ae81b4b
Size

546KB
Sample

240313-yv3pbsfb2w
MD5

475a17c4dbc94ad0a4c0d3c2d2b61d73
SHA1

ba9cc6bbce5719fcd9e608d5599bb96aad4f10e9
SHA256

657087ad03e5e646fcd4cb6bf37ceeed10e951f6b61e899c04e841fc4ae81b4b
SHA512

f252cad650328aa22e1d7a568945cccaedcd31066be2af3bb4b1ed015266e1d78bdf19b12e7efba4d7d80f618e64fdc72e42f8cf19468c661c35f187f3384fae
SSDEEP

12288:Wh3ZukLF5fRY5a/6GX41rnVMYZc+R5kv7Mu9:WhMkxlRSaiP1L/KL

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  657087ad03e5e646fcd4cb6bf37ceeed10e951f6b61e899c04e841fc4ae81b4b
- Size
  
  546KB
- MD5
  
  475a17c4dbc94ad0a4c0d3c2d2b61d73
- SHA1
  
  ba9cc6bbce5719fcd9e608d5599bb96aad4f10e9
- SHA256
  
  657087ad03e5e646fcd4cb6bf37ceeed10e951f6b61e899c04e841fc4ae81b4b
- SHA512
  
  f252cad650328aa22e1d7a568945cccaedcd31066be2af3bb4b1ed015266e1d78bdf19b12e7efba4d7d80f618e64fdc72e42f8cf19468c661c35f187f3384fae
- SSDEEP
  
  12288:Wh3ZukLF5fRY5a/6GX41rnVMYZc+R5kv7Mu9:WhMkxlRSaiP1L/KL
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2