948a55e050f0d8fbaf359ddb6b6abbb6132af66354d7e930c7ce901c76f5e7b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PenguinProxy.exe
Size

68.7MB
Sample

240901-rprxbatalq
MD5

96684c702e0c0de05558dc02cb86f81d
SHA1

53594ede3e37f193c5f25fda819588e7e526af94
SHA256

948a55e050f0d8fbaf359ddb6b6abbb6132af66354d7e930c7ce901c76f5e7b9
SHA512

8f0c0fe22cf73b0f09ecdd2301b60af2b4721800e315a2edca4965754e449f47c9cba681c38ffa2fcf29ef9f68fd05613c274502f65337ebc5ceac0302dda8e4
SSDEEP

1572864:MvPu4OjcNP43qLW6GRXS2Fgh53VIRTR3qw7uTvury4B03T4O:OuAyfS2Fgh53Vy3X7Uury3TN

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  PenguinProxy.exe
- Size
  
  68.7MB
- MD5
  
  96684c702e0c0de05558dc02cb86f81d
- SHA1
  
  53594ede3e37f193c5f25fda819588e7e526af94
- SHA256
  
  948a55e050f0d8fbaf359ddb6b6abbb6132af66354d7e930c7ce901c76f5e7b9
- SHA512
  
  8f0c0fe22cf73b0f09ecdd2301b60af2b4721800e315a2edca4965754e449f47c9cba681c38ffa2fcf29ef9f68fd05613c274502f65337ebc5ceac0302dda8e4
- SSDEEP
  
  1572864:MvPu4OjcNP43qLW6GRXS2Fgh53VIRTR3qw7uTvury4B03T4O:OuAyfS2Fgh53Vy3X7Uury3TN
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence