ba7ef4bd5c5f0edb53a8241454de2d471ef198b1dcc4f9b237a2faf36f2b63cf | Triage

Sharing

General

Target

ba7ef4bd5c5f0edb53a8241454de2d471ef198b1dcc4f9b237a2faf36f2b63cfN.exe
Size

1.0MB
Sample

240925-nha4fasejj
MD5

9d768567d44193f17d840bcb4e4fa340
SHA1

c9ec0494e9d5e8baf2eee2fa4edb82b6de314486
SHA256

ba7ef4bd5c5f0edb53a8241454de2d471ef198b1dcc4f9b237a2faf36f2b63cf
SHA512

7368c3273678f6b48eff356cc369152d688011770cb98faecca9a8e3c9eeecdf403393b1ea2e776296609febd01cdc9d99515c0544dd186176a791930ad403a0
SSDEEP

24576:W/GRzatThRiVNbLGJv6plFh9iGa2oMYMgdsHG:F8TjFJspDLoVMgdk

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  ba7ef4bd5c5f0edb53a8241454de2d471ef198b1dcc4f9b237a2faf36f2b63cfN.exe
- Size
  
  1.0MB
- MD5
  
  9d768567d44193f17d840bcb4e4fa340
- SHA1
  
  c9ec0494e9d5e8baf2eee2fa4edb82b6de314486
- SHA256
  
  ba7ef4bd5c5f0edb53a8241454de2d471ef198b1dcc4f9b237a2faf36f2b63cf
- SHA512
  
  7368c3273678f6b48eff356cc369152d688011770cb98faecca9a8e3c9eeecdf403393b1ea2e776296609febd01cdc9d99515c0544dd186176a791930ad403a0
- SSDEEP
  
  24576:W/GRzatThRiVNbLGJv6plFh9iGa2oMYMgdsHG:F8TjFJspDLoVMgdk
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence