5202cf32f841c76cbee0a53882b484d2326ce8d20ecb0baebef7663ac769014a | Triage

Sharing

General

Target

5202cf32f841c76cbee0a53882b484d2326ce8d20ecb0baebef7663ac769014a
Size

123KB
Sample

240416-1xqhwsdg85
MD5

5014c394375e8fb65f41236e82b4512c
SHA1

0c113584a5b5c0e0f847925b47a0b679fcf4df42
SHA256

5202cf32f841c76cbee0a53882b484d2326ce8d20ecb0baebef7663ac769014a
SHA512

6e1ad228128482005d4e9cbcb1a2ec168f7afe51f51d5b60a7a31568bb0d9d46cab10e43c3cee7813c1277c853c36eee3666c61db78e2bafc9757ce0431538db
SSDEEP

3072:PfU/WF6QMauSuiWNi9CO+WARJrWNZIYvQd2i:AWKauSuiWNiUBRJrW7fi

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  5202cf32f841c76cbee0a53882b484d2326ce8d20ecb0baebef7663ac769014a
- Size
  
  123KB
- MD5
  
  5014c394375e8fb65f41236e82b4512c
- SHA1
  
  0c113584a5b5c0e0f847925b47a0b679fcf4df42
- SHA256
  
  5202cf32f841c76cbee0a53882b484d2326ce8d20ecb0baebef7663ac769014a
- SHA512
  
  6e1ad228128482005d4e9cbcb1a2ec168f7afe51f51d5b60a7a31568bb0d9d46cab10e43c3cee7813c1277c853c36eee3666c61db78e2bafc9757ce0431538db
- SSDEEP
  
  3072:PfU/WF6QMauSuiWNi9CO+WARJrWNZIYvQd2i:AWKauSuiWNiUBRJrW7fi
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2