cec7ef2ee8f074c05da82aa20814cfeb5337254e27b58ff0a6917ee18c94db2a | Triage

Sharing

General

Target

prob rat.zip
Size

1.1MB
Sample

240519-16kzrsdb5v
MD5

0ebcf394ba25c5f96b12bfd4c9a21cfa
SHA1

d004a6ab048b96d128219f825e288089dd0d968f
SHA256

cec7ef2ee8f074c05da82aa20814cfeb5337254e27b58ff0a6917ee18c94db2a
SHA512

cb2161f68aab9289353e9b464765efb413638f6278ecf673ff5cda9819c573846ca82068f7c79ace8ac4ecc6a4c0bf0dfe56a71ba860e0b1840f97f0a537b0aa
SSDEEP

24576:VLROCDvxEY6/eXYM0zostULID5W3SxRRCbZ6GQNiHYZ8Zxp:1ROClULosWW+cRRCbZ6GnHYZUxp

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  injector.exe
- Size
  
  6.0MB
- MD5
  
  883f82d264966f767d881d0247d35782
- SHA1
  
  a255b679824c4514d296cddeebb4bf5ab66aa3b6
- SHA256
  
  8f3abe6f403520bd76e9969da8f57c48eca0840c9c631ed12aeaa390f089a07e
- SHA512
  
  31d5aa29355c1a1d8b67546bfc32b3f9bbd81d7082b43e74e52f1fc7fcfd35a90e199ef9aded7752c8f88965ecb7f0a7eb8bb5771be0c1600915b3e3622c4936
- SSDEEP
  
  24576:QU9QqMVCssGgPUh1VNn9UQ7+YymQAXDdVOaCoua71+J0fgbGSh4s3sXYX7bCiFpa:qxKBTJOr7QcoCDHdIFcDgTq4GdT
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  internal.dll
- Size
  
  130KB
- MD5
  
  c39b1e688ff41b0ac5d3d35a98cf1f09
- SHA1
  
  b68dd81764e8e33ea64ea535fcdf4da921475b7e
- SHA256
  
  4c043478a2de55523492518b495252ba4e85a47901d9069fad4334bab0ed6d4c
- SHA512
  
  6faffa172d19af6c079063b21ffe1778f0786e6b09e85bfebc4cf841b4ac1f51d880ff454389d5402f6bfaccdab7857be899dd888bd6730f8eb69a4aaf728845
- SSDEEP
  
  1536:xh5wHMoCV0x0+4hNp87vV4DhCTF18RYsoGxuPwWhC5ZEsU5dGzwO/k5uTG6/nUj:rmMojx0tp8x4DhCTC4sUuzD/S6fUj
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2