4f41cfd1ac1f0ede24b11f57e064e0fafcd0924799151bfdf344b24a48e78d08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0f5ced297718c0397c4313e688dd950N.exe
Size

5.4MB
Sample

240906-sbbtlstapd
MD5

f0f5ced297718c0397c4313e688dd950
SHA1

ce2e7618bbf6f11c2c7557d050ea2cbd182230e6
SHA256

4f41cfd1ac1f0ede24b11f57e064e0fafcd0924799151bfdf344b24a48e78d08
SHA512

f2982801a1dba83a7c7705b400a862845ae5a1bdb89e76567d4810223123b3bca9914f9d40e5d0d7cb127183f2e408f22872afd1423c67db13992c1ff1235f9b
SSDEEP

49152:t/GwolSbDBRf2T2RhwwfNMrBIVeZ2xSiLU4UVJUVudq9WTLAYFIVrtN:3f2Qa++kShfU1WRitN

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  f0f5ced297718c0397c4313e688dd950N.exe
- Size
  
  5.4MB
- MD5
  
  f0f5ced297718c0397c4313e688dd950
- SHA1
  
  ce2e7618bbf6f11c2c7557d050ea2cbd182230e6
- SHA256
  
  4f41cfd1ac1f0ede24b11f57e064e0fafcd0924799151bfdf344b24a48e78d08
- SHA512
  
  f2982801a1dba83a7c7705b400a862845ae5a1bdb89e76567d4810223123b3bca9914f9d40e5d0d7cb127183f2e408f22872afd1423c67db13992c1ff1235f9b
- SSDEEP
  
  49152:t/GwolSbDBRf2T2RhwwfNMrBIVeZ2xSiLU4UVJUVudq9WTLAYFIVrtN:3f2Qa++kShfU1WRitN
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence