4cc10bf8879fc5272934e9a251c42a8ee645b2a334e183a9ba168fc1f77c9bec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4cc10bf8879fc5272934e9a251c42a8ee645b2a334e183a9ba168fc1f77c9bec
Size

1.3MB
Sample

220919-1mzzksebhp
MD5

48d1c0a7f9999c7e134a0d47c3ce43eb
SHA1

7c0097e0b1ca205c998a9728bf54124fe63c4d26
SHA256

4cc10bf8879fc5272934e9a251c42a8ee645b2a334e183a9ba168fc1f77c9bec
SHA512

462271a42ee651af42aaec65671bd70e9bc0fc37fbf579318cc49eec30bafee0577b72d0e7197bad98f03b1004eeefdc94766b94ef02be9e4a2842f9de4a60e8
SSDEEP

24576:lq/WSDhvtaC6bgMCdDCxj/PW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJb:l6iC531m3asY6DwOBfrnvV7UeWtp

Score

8^/10

Malware Config

Targets

- Target
  
  4cc10bf8879fc5272934e9a251c42a8ee645b2a334e183a9ba168fc1f77c9bec
- Size
  
  1.3MB
- MD5
  
  48d1c0a7f9999c7e134a0d47c3ce43eb
- SHA1
  
  7c0097e0b1ca205c998a9728bf54124fe63c4d26
- SHA256
  
  4cc10bf8879fc5272934e9a251c42a8ee645b2a334e183a9ba168fc1f77c9bec
- SHA512
  
  462271a42ee651af42aaec65671bd70e9bc0fc37fbf579318cc49eec30bafee0577b72d0e7197bad98f03b1004eeefdc94766b94ef02be9e4a2842f9de4a60e8
- SSDEEP
  
  24576:lq/WSDhvtaC6bgMCdDCxj/PW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJb:l6iC531m3asY6DwOBfrnvV7UeWtp
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2