5ba65b7918fd6b55c0f37fea62634c7e34e88bbc5f8ee87d68c421c776040f13 | Triage

Sharing

General

Target

ec60949c321e9da8b73850fd1f7dd2b5.exe
Size

120KB
Sample

240712-d37ysszama
MD5

ec60949c321e9da8b73850fd1f7dd2b5
SHA1

c234ce832fe5706ba2f09a57d5fde22b164c0e0a
SHA256

5ba65b7918fd6b55c0f37fea62634c7e34e88bbc5f8ee87d68c421c776040f13
SHA512

7ed7a5c02e2beb3338b2f08006b8ff247f40a90116a0183995e244299c598acc02c59f7a10e3666476580ebcfc21452689dbee58f9d8cf0421c5c025c4663c60
SSDEEP

3072:ga0o6HDkzbJh1qCxW69hd1MMdxPe9N9uA0Fu9TBfErrNe:ga53bJhs0W69hd1MMdxPe9N9uA0Fu9TJ

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  ec60949c321e9da8b73850fd1f7dd2b5.exe
- Size
  
  120KB
- MD5
  
  ec60949c321e9da8b73850fd1f7dd2b5
- SHA1
  
  c234ce832fe5706ba2f09a57d5fde22b164c0e0a
- SHA256
  
  5ba65b7918fd6b55c0f37fea62634c7e34e88bbc5f8ee87d68c421c776040f13
- SHA512
  
  7ed7a5c02e2beb3338b2f08006b8ff247f40a90116a0183995e244299c598acc02c59f7a10e3666476580ebcfc21452689dbee58f9d8cf0421c5c025c4663c60
- SSDEEP
  
  3072:ga0o6HDkzbJh1qCxW69hd1MMdxPe9N9uA0Fu9TBfErrNe:ga53bJhs0W69hd1MMdxPe9N9uA0Fu9TJ
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Use of msiexec (install) with remote resource
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation