0fbeb3f50de140fda85678fe354a9cd5df970763fa9541c7a7f93226c292e1d9 | Triage

Sharing

General

Target

c9328044f3d94a0e9dc9d22c200e317a
Size

145KB
Sample

240314-v2j9saab5z
MD5

c9328044f3d94a0e9dc9d22c200e317a
SHA1

d036f755ad9001dbad66d2011fb470a3c9452643
SHA256

0fbeb3f50de140fda85678fe354a9cd5df970763fa9541c7a7f93226c292e1d9
SHA512

d439c3ff81a64e0393358f34cf3b3905b88141e501bfe9100846c889ee6fb6934ba0e27cc4d74a69b13380c02b3c814cf054203a65ab6ff8b8dfe6879be88d30
SSDEEP

3072:OXPjwSiU99T0uhtdk4to+sogF9zcn4FZhFU/tZ5Cm80Kba:ePjUU9V0Svbs/zG2H+ZJ2

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  c9328044f3d94a0e9dc9d22c200e317a
- Size
  
  145KB
- MD5
  
  c9328044f3d94a0e9dc9d22c200e317a
- SHA1
  
  d036f755ad9001dbad66d2011fb470a3c9452643
- SHA256
  
  0fbeb3f50de140fda85678fe354a9cd5df970763fa9541c7a7f93226c292e1d9
- SHA512
  
  d439c3ff81a64e0393358f34cf3b3905b88141e501bfe9100846c889ee6fb6934ba0e27cc4d74a69b13380c02b3c814cf054203a65ab6ff8b8dfe6879be88d30
- SSDEEP
  
  3072:OXPjwSiU99T0uhtdk4to+sogF9zcn4FZhFU/tZ5Cm80Kba:ePjUU9V0Svbs/zG2H+ZJ2
Score

8^/10

persistence
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2