1c0a4771fb5764d1dc8a9538f26932675d1318802f7fed19b9b6238dc812d9ee | Triage

Sharing

General

Target

1c0a4771fb5764d1dc8a9538f26932675d1318802f7fed19b9b6238dc812d9ee.exe
Size

2.6MB
Sample

240725-t98rnsvhle
MD5

12d968be38569eb882d1af486e04c92f
SHA1

76c042e964bc0fcf8e61c21f6e8aa1fd77c2cbdb
SHA256

1c0a4771fb5764d1dc8a9538f26932675d1318802f7fed19b9b6238dc812d9ee
SHA512

013607b19fb394a90aafbbe3a519ebca3274da041bc21b7858e19897be02685db0b7b016b2a24d753bb33b2bab0df1144e8a950a2818665616fb414556d52a26
SSDEEP

49152:snsHyjtk2MYC5GDyuOfntt0yaTMRJOeWAgf/Mp:snsmtk2a2uT5gI

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  1c0a4771fb5764d1dc8a9538f26932675d1318802f7fed19b9b6238dc812d9ee.exe
- Size
  
  2.6MB
- MD5
  
  12d968be38569eb882d1af486e04c92f
- SHA1
  
  76c042e964bc0fcf8e61c21f6e8aa1fd77c2cbdb
- SHA256
  
  1c0a4771fb5764d1dc8a9538f26932675d1318802f7fed19b9b6238dc812d9ee
- SHA512
  
  013607b19fb394a90aafbbe3a519ebca3274da041bc21b7858e19897be02685db0b7b016b2a24d753bb33b2bab0df1144e8a950a2818665616fb414556d52a26
- SSDEEP
  
  49152:snsHyjtk2MYC5GDyuOfntt0yaTMRJOeWAgf/Mp:snsmtk2a2uT5gI
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence