ba0dfee31b6acf609d0d8b74bd9af20ede43bdf0f44b0b6d9b1a486f838de14b | Triage

Sharing

General

Target

ba0dfee31b6acf609d0d8b74bd9af20ede43bdf0f44b0b6d9b1a486f838de14bN
Size

57KB
Sample

241005-s9g4aawekm
MD5

a50f84553d56ae0f304b1457d324bab0
SHA1

579b19837ef28ec09dea1999928f6cc878d632c6
SHA256

ba0dfee31b6acf609d0d8b74bd9af20ede43bdf0f44b0b6d9b1a486f838de14b
SHA512

7d27cc84d18a7fb21d0d07379092a71aa593e91ef6156589bd2f60de459d79b8ecd32ecb56ae4687a634f8c69876b0cd55151202352881473f779cbe398436d6
SSDEEP

1536:hvQoLHjw2iWPKMvw71/RLyX3NvvvZeee5LttttU:hv5Ls27BIJ/RLyX3HeeeRttttU

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  ba0dfee31b6acf609d0d8b74bd9af20ede43bdf0f44b0b6d9b1a486f838de14bN
- Size
  
  57KB
- MD5
  
  a50f84553d56ae0f304b1457d324bab0
- SHA1
  
  579b19837ef28ec09dea1999928f6cc878d632c6
- SHA256
  
  ba0dfee31b6acf609d0d8b74bd9af20ede43bdf0f44b0b6d9b1a486f838de14b
- SHA512
  
  7d27cc84d18a7fb21d0d07379092a71aa593e91ef6156589bd2f60de459d79b8ecd32ecb56ae4687a634f8c69876b0cd55151202352881473f779cbe398436d6
- SSDEEP
  
  1536:hvQoLHjw2iWPKMvw71/RLyX3NvvvZeee5LttttU:hv5Ls27BIJ/RLyX3HeeeRttttU
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery