21e7e777534d3bdac1d49e8283ce0d0c28c229962fe571f53389a00c79a17f8f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

def7cd96d074f74c01a24a7544dd49a0N.exe
Size

448KB
Sample

240822-crra8sxdlm
MD5

def7cd96d074f74c01a24a7544dd49a0
SHA1

492f4b3e7a85b690f3d29c110c5b890657b2ef34
SHA256

21e7e777534d3bdac1d49e8283ce0d0c28c229962fe571f53389a00c79a17f8f
SHA512

290d796220c089b5fbd623de04f8bc7426e2ed4f0895f562b28e957b71e4480ea732bc620e97f3e6919cb584a74e943564fee987d80168ffd431a057f903988a
SSDEEP

6144:PJKtxV5dhmR8GSTiMIDNrV5DSxXySkEjiPISUOgW9X+hOGzC/NM:PJKtxV5dhmR8pTmZbsXPkmZzcukG2/

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  def7cd96d074f74c01a24a7544dd49a0N.exe
- Size
  
  448KB
- MD5
  
  def7cd96d074f74c01a24a7544dd49a0
- SHA1
  
  492f4b3e7a85b690f3d29c110c5b890657b2ef34
- SHA256
  
  21e7e777534d3bdac1d49e8283ce0d0c28c229962fe571f53389a00c79a17f8f
- SHA512
  
  290d796220c089b5fbd623de04f8bc7426e2ed4f0895f562b28e957b71e4480ea732bc620e97f3e6919cb584a74e943564fee987d80168ffd431a057f903988a
- SSDEEP
  
  6144:PJKtxV5dhmR8GSTiMIDNrV5DSxXySkEjiPISUOgW9X+hOGzC/NM:PJKtxV5dhmR8pTmZbsXPkmZzcukG2/
Score

7^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation