e22ebe73686d839f02eefd2f65ed1ea307b8e9b1ccc1c16f3ff2a02fc7776caa | Triage

Sharing

General

Target

e22ebe73686d839f02eefd2f65ed1ea307b8e9b1ccc1c16f3ff2a02fc7776caa
Size

65KB
Sample

241121-l67q7s1amh
MD5

f18579f6f8a65e0af714d728f57d804b
SHA1

c63f532df2a9ac253f15d24ebf6ec18e05925b52
SHA256

e22ebe73686d839f02eefd2f65ed1ea307b8e9b1ccc1c16f3ff2a02fc7776caa
SHA512

f9f70c2f7b6d34374aa0a259bbcdd5742aaca8a7fc5dd2caf41e9077b5c0b77c21507a61df5fd8dce30da22704fab9efbcb8095570e256eb1f28ac192eef675a
SSDEEP

1536:lUD7lbMshaamkAwBgttX6hx0pIc3/CJD6rfch4:lUD7vbmlwBgttXux+9q56rfB

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  e22ebe73686d839f02eefd2f65ed1ea307b8e9b1ccc1c16f3ff2a02fc7776caa
- Size
  
  65KB
- MD5
  
  f18579f6f8a65e0af714d728f57d804b
- SHA1
  
  c63f532df2a9ac253f15d24ebf6ec18e05925b52
- SHA256
  
  e22ebe73686d839f02eefd2f65ed1ea307b8e9b1ccc1c16f3ff2a02fc7776caa
- SHA512
  
  f9f70c2f7b6d34374aa0a259bbcdd5742aaca8a7fc5dd2caf41e9077b5c0b77c21507a61df5fd8dce30da22704fab9efbcb8095570e256eb1f28ac192eef675a
- SSDEEP
  
  1536:lUD7lbMshaamkAwBgttX6hx0pIc3/CJD6rfch4:lUD7vbmlwBgttXux+9q56rfB
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence