49b7ba26e5c1463f3badb3045627fb01ac10841615c2cf93ac62fc71b1aac7a4 | Triage

Sharing

General

Target

c6d5f52fc8a5c1061254d6e855bd3a46.zip
Size

105KB
Sample

240901-antabatfpp
MD5

bbebcdb7e8203d71d20407de54b602b6
SHA1

7baa5308cf1f29aa5b40588641fdb06642e56201
SHA256

49b7ba26e5c1463f3badb3045627fb01ac10841615c2cf93ac62fc71b1aac7a4
SHA512

d48d6a302402156f3401f3d7b55aec00b08495dfa62401013f65f7b264761a5473fdd9d26abe1679c6511aaf60fdff0258c29d6010440197fde1aa21a4eac118
SSDEEP

3072:Z19bsDtKDSVgucqxNrBQfxUh6Zv1iDuMLh6Xm+ncG9e2ms:KcgcYrB6TmzW/P

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  2f199a8059a95b58535067f49212a3247acd11ec9395870abe26e36318b99caf
- Size
  
  202KB
- MD5
  
  c6d5f52fc8a5c1061254d6e855bd3a46
- SHA1
  
  a4bd21f55a07907dda94db15291e71c112c200ea
- SHA256
  
  2f199a8059a95b58535067f49212a3247acd11ec9395870abe26e36318b99caf
- SHA512
  
  eca45eb372de757d1bab758737210b09b550e5d25786afb535416d60f846009877363ee8f1cdb3a6ff239af41c61e0b69be76d604e96c43381804cf4a1583c3a
- SSDEEP
  
  3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/858KkgnnpjBFB:o68i3odBiTl2+TCU/8nk8NhX
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence