98311b0f2db77df9b05d4f843dbcd438c33d89a9f5f7f9c102a5d448bba372c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

register.zip
Size

19.2MB
Sample

240911-p6nvwasajb
MD5

9e80a5b89021728c8102587cd92eccd6
SHA1

98780dad23676bc84e6eac835625b8c3ad2327bf
SHA256

98311b0f2db77df9b05d4f843dbcd438c33d89a9f5f7f9c102a5d448bba372c8
SHA512

77fda56bc326686c5f4bd1177a1522a01f2d9893832b3ebe7d0e8f888ded16e55cbb351436d02f76b2663ba4a0803d60df4fce4858b4a1b4f7b26c2019007307
SSDEEP

393216:HQeuhXwanwPBMfvviLiIMLglFMpku+EHHuokzfGo6dgQ:HuhXwawPuf4udkiHuJfSdL

Score

10^/10

discovery evasion execution

Malware Config

Targets

- Target
  
  register.exe
- Size
  
  20.0MB
- MD5
  
  949225d7fde90d5be297a33ad0151093
- SHA1
  
  fe0a440d66d27597294739164dbcc4af3f51b4c1
- SHA256
  
  f958245ea166abe3caa2dacd53def5b8d22cf6046b09e45bb9faa246f4f3cce7
- SHA512
  
  a6636c94dc0f31fe04d407b19b0ffdb846e7ae5c9ec9086b91c26620a2ce062d63cc5a5b347881542e5525a675c160728f09b4ea1fbeb64f60869da658a930ce
- SSDEEP
  
  393216:i92HnQ4oMfqzaJRzF2D0XPxXb9j6g9OhZgFr0DN0aCW1WGy8:ZHQ9MfpRzOkXb9jt9O9ifGy8
Score

10^/10

discovery evasion execution
- Disables service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecution

behavioral2

discoveryevasionexecution