c1a7f703abeae6cc6b24d708db0108d2959d99e63c3bea08736e71a67c895b4e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1a7f703abeae6cc6b24d708db0108d2959d99e63c3bea08736e71a67c895b4e
Size

512KB
Sample

220918-3j1g2sfae6
MD5

226adb34a3b1c76c418a4518f0aef462
SHA1

3ee723ac8fd27153789b2750b99b853bb7d60526
SHA256

c1a7f703abeae6cc6b24d708db0108d2959d99e63c3bea08736e71a67c895b4e
SHA512

f11b6710754276d333b4772260ba3f195ae85865ea19c9e70457d9295a9cf3810f47a61f355262dc271ef45ca9825c87105dcd9883b8501f60e523e050bc4ac6
SSDEEP

12288:ARTO7KNDsJValqO+Ibz1Tx1YFDT4DQFu/U3buRKlemZ9DnGAer7k5PQIg7:AU8DQaEuNz9ef8

Score

8^/10

Malware Config

Targets

- Target
  
  c1a7f703abeae6cc6b24d708db0108d2959d99e63c3bea08736e71a67c895b4e
- Size
  
  512KB
- MD5
  
  226adb34a3b1c76c418a4518f0aef462
- SHA1
  
  3ee723ac8fd27153789b2750b99b853bb7d60526
- SHA256
  
  c1a7f703abeae6cc6b24d708db0108d2959d99e63c3bea08736e71a67c895b4e
- SHA512
  
  f11b6710754276d333b4772260ba3f195ae85865ea19c9e70457d9295a9cf3810f47a61f355262dc271ef45ca9825c87105dcd9883b8501f60e523e050bc4ac6
- SSDEEP
  
  12288:ARTO7KNDsJValqO+Ibz1Tx1YFDT4DQFu/U3buRKlemZ9DnGAer7k5PQIg7:AU8DQaEuNz9ef8
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2