6a2d4662ca4123e0fce95f32f97323bdd18244a8f8452e9f1a6d2192810cfcf7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfc65f7eb2365ec6a103fa84bc7d9343
Size

151KB
Sample

240326-wm3m9agc98
MD5

dfc65f7eb2365ec6a103fa84bc7d9343
SHA1

d54a9973b7ac59886112256876f98c4e3a06a53d
SHA256

6a2d4662ca4123e0fce95f32f97323bdd18244a8f8452e9f1a6d2192810cfcf7
SHA512

160de29106f93de6b4ffda34ad9d7c327b35843dacaccaf8cd46d58ff62962a62f660cd2a0c83245386220acfc30022d3140ac3c9637afae3d79bf4ce6cdecaa
SSDEEP

3072:Ug8GT+5S1L/kpGdyUwJkI6GO6uWt2krnLbbkqS7wopedle7tnR+8RG:Uu1zkG4UwJRO6HtRb/PHoQYtnbE

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  dfc65f7eb2365ec6a103fa84bc7d9343
- Size
  
  151KB
- MD5
  
  dfc65f7eb2365ec6a103fa84bc7d9343
- SHA1
  
  d54a9973b7ac59886112256876f98c4e3a06a53d
- SHA256
  
  6a2d4662ca4123e0fce95f32f97323bdd18244a8f8452e9f1a6d2192810cfcf7
- SHA512
  
  160de29106f93de6b4ffda34ad9d7c327b35843dacaccaf8cd46d58ff62962a62f660cd2a0c83245386220acfc30022d3140ac3c9637afae3d79bf4ce6cdecaa
- SSDEEP
  
  3072:Ug8GT+5S1L/kpGdyUwJkI6GO6uWt2krnLbbkqS7wopedle7tnR+8RG:Uu1zkG4UwJRO6HtRb/PHoQYtnbE
Score

8^/10

persistence
- Blocklisted process makes network request
- Drops file in Drivers directory
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2