489ea846f892d2eb3bd097dcc52f7d52d9f91caf82c956d0bce528b32c45a749 | Triage

Sharing

General

Target

489ea846f892d2eb3bd097dcc52f7d52d9f91caf82c956d0bce528b32c45a749
Size

160KB
Sample

240419-zy9gqagd3z
MD5

02403d610d70d5bdb9cd5435a95fa131
SHA1

15d6ed60f1b4df30a8d0ac62529a783e807b1b45
SHA256

489ea846f892d2eb3bd097dcc52f7d52d9f91caf82c956d0bce528b32c45a749
SHA512

edb5395efb5b1e4804d7e2ab764d3e2d5413110d74ae9f891bc3384b14e00c683e96c522994ef8b5c94cd9e7ebcbd2e7552573fb0135d2279bf6fe3788525de3
SSDEEP

768:YJXL+uSmvNAci2FhoJ0h4h2hQJVNjDkp57xXp5Rmg5Fh4hqhxOhDhzhnhvhzhOhs:Y9qhcimJh4h2hON6x5puwVT0B

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  489ea846f892d2eb3bd097dcc52f7d52d9f91caf82c956d0bce528b32c45a749
- Size
  
  160KB
- MD5
  
  02403d610d70d5bdb9cd5435a95fa131
- SHA1
  
  15d6ed60f1b4df30a8d0ac62529a783e807b1b45
- SHA256
  
  489ea846f892d2eb3bd097dcc52f7d52d9f91caf82c956d0bce528b32c45a749
- SHA512
  
  edb5395efb5b1e4804d7e2ab764d3e2d5413110d74ae9f891bc3384b14e00c683e96c522994ef8b5c94cd9e7ebcbd2e7552573fb0135d2279bf6fe3788525de3
- SSDEEP
  
  768:YJXL+uSmvNAci2FhoJ0h4h2hQJVNjDkp57xXp5Rmg5Fh4hqhxOhDhzhnhvhzhOhs:Y9qhcimJh4h2hON6x5puwVT0B
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2