a921b981cfbe72fd824d0e7fbc891d2eff4f9f3d87f22ad582522afcedd7d93c | Triage

Sharing

General

Target

a921b981cfbe72fd824d0e7fbc891d2eff4f9f3d87f22ad582522afcedd7d93c
Size

336KB
Sample

241121-ekaq1symaw
MD5

36f985a7b6a416bce1d6a879fd6e6c9d
SHA1

642a35f27f0bc6ad4f16e1afcbe4a9f47908d766
SHA256

a921b981cfbe72fd824d0e7fbc891d2eff4f9f3d87f22ad582522afcedd7d93c
SHA512

e7368054d9db5174cc1e2ecf1624b49fd5e078023428b94d36d7b0947ff4a9ee42ae532fb12865ccfd5df303da412e19ddb84c713171d9c38c90d2c3f3ec6d5a
SSDEEP

6144:db0qvoJzjUfzY8E8bBhMxHSwimq4kDc1U5wyoxzS7ncj277Ham1PsBcTX9WsKA+:dbDoIfE8VNmxHSsq4n1ZSw277Hp1Ps8q

Score

7^/10

defense_evasion discovery privilege_escalation

Malware Config

Targets

- Target
  
  GetSYSTEM.bat
- Size
  
  174B
- MD5
  
  6044fd7e5736a0723d11a386357644b3
- SHA1
  
  95cc4ab4aa86ceb39b4197a533bc385be716dfe6
- SHA256
  
  b25e5f999bd070872cc370edcdbec0ab2fcc28575522aa895a26739852f7b2ef
- SHA512
  
  cb13031532b7e314dcce49298fdc70741410d81f4bfe11114011f45c08a0a29b40e1b8c47495d31168c7083e0b42f5ab472234d5d0b5e66fb1367614cdaa3259
Score

7^/10

defense_evasion discovery privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  PsExec.exe
- Size
  
  699KB
- MD5
  
  24a648a48741b1ac809e47b9543c6f12
- SHA1
  
  3e2272b916da4be3c120d17490423230ab62c174
- SHA256
  
  078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b
- SHA512
  
  b974ce956f2e922e92ca414d1bd6cc7bcb36bc44532b28b392f2a8052d6d47fd742841c4add6ec5c8283d28d7245b1704af34a523917e49cef007eef700a0b9a
- SSDEEP
  
  12288:LOO6oMlKDdwPDMlkw6Pph0lhSMXle+eO1HK+meynh5yRX3oRG72:LD9McwPDCkw6Bh0lhSMXlemqth5yRX3E
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryprivilege_escalation

behavioral2

defense_evasiondiscoveryprivilege_escalation

behavioral3

behavioral4