43faad67765a500d5b06e52a1d0a2c33d929ac8c5b120ca707e0b14fc5c38129 | Triage

Sharing

General

Target

smile.exe
Size

60.6MB
Sample

240711-zem5dashnl
MD5

a1fb53b13a0b3a6a059c4edd680dc188
SHA1

62390b165ab78ce119330e91fbd938e19eeaf2f9
SHA256

43faad67765a500d5b06e52a1d0a2c33d929ac8c5b120ca707e0b14fc5c38129
SHA512

9c3b1048719db82109abf04a47ee7580c329f7bc9e21de77f9ee56ecbe21256a3da5398c669c9f301dcda69d508bc1828f0b89c7cf53c1b1e4e8f7f5d79ff9ea
SSDEEP

1572864:kVW7OspdVQZoArXOCggYYPCg6HlaNFS9LofmPAQRzWfudmplw:1rorAYPCDHQFS9cfFQRzaukplw

Score

8^/10

execution

Malware Config

Targets

- Target
  
  smile.exe
- Size
  
  60.6MB
- MD5
  
  a1fb53b13a0b3a6a059c4edd680dc188
- SHA1
  
  62390b165ab78ce119330e91fbd938e19eeaf2f9
- SHA256
  
  43faad67765a500d5b06e52a1d0a2c33d929ac8c5b120ca707e0b14fc5c38129
- SHA512
  
  9c3b1048719db82109abf04a47ee7580c329f7bc9e21de77f9ee56ecbe21256a3da5398c669c9f301dcda69d508bc1828f0b89c7cf53c1b1e4e8f7f5d79ff9ea
- SSDEEP
  
  1572864:kVW7OspdVQZoArXOCggYYPCg6HlaNFS9LofmPAQRzWfudmplw:1rorAYPCDHQFS9cfFQRzaukplw
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3