32bf6396ba19b940a778f7ab4f62dd79ac1ddbf65524f9c11631b0f7690af0bc | Triage

Sharing

General

Target

c5097f98c49b1a92ae0cb6171a63b42d.exe
Size

1.7MB
Sample

220505-fypmrsfbf9
MD5

c5097f98c49b1a92ae0cb6171a63b42d
SHA1

88f2248464b44c0916e504a2bceee893445cc018
SHA256

32bf6396ba19b940a778f7ab4f62dd79ac1ddbf65524f9c11631b0f7690af0bc
SHA512

49fad1ea39107ba36b7940b82d5f54e02c87f45ddecdbdf1f70bd27d804086fa168b0b429b92e53529feb1db08dd1f27510898d3ca29f69fb831ffbcb13cc19a

Score

8^/10

Malware Config

Targets

- Target
  
  c5097f98c49b1a92ae0cb6171a63b42d.exe
- Size
  
  1.7MB
- MD5
  
  c5097f98c49b1a92ae0cb6171a63b42d
- SHA1
  
  88f2248464b44c0916e504a2bceee893445cc018
- SHA256
  
  32bf6396ba19b940a778f7ab4f62dd79ac1ddbf65524f9c11631b0f7690af0bc
- SHA512
  
  49fad1ea39107ba36b7940b82d5f54e02c87f45ddecdbdf1f70bd27d804086fa168b0b429b92e53529feb1db08dd1f27510898d3ca29f69fb831ffbcb13cc19a
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2