e5edb5a0b2e4cf611675b595f23a825635a9b3dee7aba34ae061bcc6955bb32f | Triage

Sharing

General

Target

c3da0516f06df08b9592e453c44247d0N.exe
Size

193KB
Sample

240822-kgcdbsxcma
MD5

c3da0516f06df08b9592e453c44247d0
SHA1

64903d264f25659ec99e7b8dd419cb703f8a9ab8
SHA256

e5edb5a0b2e4cf611675b595f23a825635a9b3dee7aba34ae061bcc6955bb32f
SHA512

d3118e1187ead203988c68a52ed468998404ad5c0bd28f60f19d7022a7a86e3d586a85e19aa57c420be900628023caa5224c1b733697a7fb5c4a61aafd4aecde
SSDEEP

6144:DBs27GluLyXxQQIIIhg6XXXDzXXX13s2III/TAXXXmlXXXLIIIG/ru5Ygn:DK2+yQIII1XXX/XXX62III/UXXXmlXX2

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  c3da0516f06df08b9592e453c44247d0N.exe
- Size
  
  193KB
- MD5
  
  c3da0516f06df08b9592e453c44247d0
- SHA1
  
  64903d264f25659ec99e7b8dd419cb703f8a9ab8
- SHA256
  
  e5edb5a0b2e4cf611675b595f23a825635a9b3dee7aba34ae061bcc6955bb32f
- SHA512
  
  d3118e1187ead203988c68a52ed468998404ad5c0bd28f60f19d7022a7a86e3d586a85e19aa57c420be900628023caa5224c1b733697a7fb5c4a61aafd4aecde
- SSDEEP
  
  6144:DBs27GluLyXxQQIIIhg6XXXDzXXX13s2III/TAXXXmlXXXLIIIG/ru5Ygn:DK2+yQIII1XXX/XXX62III/UXXXmlXX2
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery