62b5fecb4f8063f3ee77c78df27b38a214d445d028aab2e91fd6ae9ce8767b62 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62b5fecb4f8063f3ee77c78df27b38a214d445d028aab2e91fd6ae9ce8767b62
Size

137KB
Sample

240319-zlxx6afc37
MD5

0d9df622499844e2ccb6d9ea5c425d9d
SHA1

20546ad38ac629063ac113b8388b065917fcde75
SHA256

62b5fecb4f8063f3ee77c78df27b38a214d445d028aab2e91fd6ae9ce8767b62
SHA512

f019ed8def62ee2d2fdbcf7f4f1c981bd39fbb7c56ff23c3c3431a49b56efdf09a81aaac3321268645b4f958f8ed9dd600ed929a718944972812630ae34a3d73
SSDEEP

3072:j1i/NU8bOMYcYYcmy5d048g3nan3vx9kGSYng7+s5YmMOMYcYY51i/NU81:xi/NjO5x0Xg+UGSYnuy3Oai/Nd

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  62b5fecb4f8063f3ee77c78df27b38a214d445d028aab2e91fd6ae9ce8767b62
- Size
  
  137KB
- MD5
  
  0d9df622499844e2ccb6d9ea5c425d9d
- SHA1
  
  20546ad38ac629063ac113b8388b065917fcde75
- SHA256
  
  62b5fecb4f8063f3ee77c78df27b38a214d445d028aab2e91fd6ae9ce8767b62
- SHA512
  
  f019ed8def62ee2d2fdbcf7f4f1c981bd39fbb7c56ff23c3c3431a49b56efdf09a81aaac3321268645b4f958f8ed9dd600ed929a718944972812630ae34a3d73
- SSDEEP
  
  3072:j1i/NU8bOMYcYYcmy5d048g3nan3vx9kGSYng7+s5YmMOMYcYY51i/NU81:xi/NjO5x0Xg+UGSYnuy3Oai/Nd
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2