776a6f8c7348c60e0d7981691343d7d47295564b910d653e6318131349fec27a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

explorer.exe
Size

173KB
Sample

240424-mg2z4agg9t
MD5

16e7f875c0c72a632a6d215157ecf511
SHA1

91fd9a791aba18469dea94e259f9dafa67f48c14
SHA256

776a6f8c7348c60e0d7981691343d7d47295564b910d653e6318131349fec27a
SHA512

95bc2b431720ca5739b06b96f6a6fb53c609642cba6bf49c4258190888ab1914b52058392b95f546272bf3ebdb8dcad217d6fcd469653f20c7e6dde60e686729
SSDEEP

3072:BubMslbFQLwumPR/VkJqKGnGdsbkuws4bH0hLN2:BElbImIwE+bkuwsYUT

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  explorer.exe
- Size
  
  173KB
- MD5
  
  16e7f875c0c72a632a6d215157ecf511
- SHA1
  
  91fd9a791aba18469dea94e259f9dafa67f48c14
- SHA256
  
  776a6f8c7348c60e0d7981691343d7d47295564b910d653e6318131349fec27a
- SHA512
  
  95bc2b431720ca5739b06b96f6a6fb53c609642cba6bf49c4258190888ab1914b52058392b95f546272bf3ebdb8dcad217d6fcd469653f20c7e6dde60e686729
- SSDEEP
  
  3072:BubMslbFQLwumPR/VkJqKGnGdsbkuws4bH0hLN2:BElbImIwE+bkuwsYUT
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5