76b1e79c01ef9f081cca3151ba9c0230ff8b478ef42f70f61259797e04cb5023 | Triage

Sharing

General

Target

76b1e79c01ef9f081cca3151ba9c0230ff8b478ef42f70f61259797e04cb5023.exe
Size

4.0MB
Sample

240823-lzfzxaxeje
MD5

3aae32f5784f7d899b27c17b5240a814
SHA1

a4ebe15d0ae04238cf8ec5690228d57197168374
SHA256

76b1e79c01ef9f081cca3151ba9c0230ff8b478ef42f70f61259797e04cb5023
SHA512

772d77605f6ceef7ce9b62383b572c2aef548c0fd8d24c73a30715191b33979b08bfd56eac1e08feff927156418db14caea8045cfaa0c483969811d70d976c8e
SSDEEP

98304:32ioEn1bAAoceqdy0epRJ7t2Uu1yREG08M9aykjnjVNQ4pXUn:GEn1bAAoc3ebJ7Zr89aNVddG

Score

8^/10

discovery evasion

Malware Config

Targets

- Target
  
  76b1e79c01ef9f081cca3151ba9c0230ff8b478ef42f70f61259797e04cb5023.exe
- Size
  
  4.0MB
- MD5
  
  3aae32f5784f7d899b27c17b5240a814
- SHA1
  
  a4ebe15d0ae04238cf8ec5690228d57197168374
- SHA256
  
  76b1e79c01ef9f081cca3151ba9c0230ff8b478ef42f70f61259797e04cb5023
- SHA512
  
  772d77605f6ceef7ce9b62383b572c2aef548c0fd8d24c73a30715191b33979b08bfd56eac1e08feff927156418db14caea8045cfaa0c483969811d70d976c8e
- SSDEEP
  
  98304:32ioEn1bAAoceqdy0epRJ7t2Uu1yREG08M9aykjnjVNQ4pXUn:GEn1bAAoc3ebJ7Zr89aNVddG
Score

8^/10

discovery evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion