b852a1e6bc0d8d81b0c4d22fe4d7f7926b7101d84ea9c8e1fb28ec889506926f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b852a1e6bc0d8d81b0c4d22fe4d7f7926b7101d84ea9c8e1fb28ec889506926f
Size

159KB
Sample

221001-18fg3abagp
MD5

72eee784dae6641969aef2bbcea02b64
SHA1

cfb3d9e678d7605ce86270a0b41af336234e798d
SHA256

b852a1e6bc0d8d81b0c4d22fe4d7f7926b7101d84ea9c8e1fb28ec889506926f
SHA512

b25f6f56d752ba74e6f9960b38607b4b525932280b37f42877faa9fbde3a48c1f2db94fe8c70d0b6002f7cc8d41a7de42fc6dbf1f5c700a581fc40f47be3ad26
SSDEEP

3072:f9BQf+L0ghfXmsHHFLXPi+8iJeWE77SO6xkPINWHj7FW5Jjp:f9uWL0gh/mIHFDPi+5J9NiX1E

Score

8^/10

Malware Config

Targets

- Target
  
  b852a1e6bc0d8d81b0c4d22fe4d7f7926b7101d84ea9c8e1fb28ec889506926f
- Size
  
  159KB
- MD5
  
  72eee784dae6641969aef2bbcea02b64
- SHA1
  
  cfb3d9e678d7605ce86270a0b41af336234e798d
- SHA256
  
  b852a1e6bc0d8d81b0c4d22fe4d7f7926b7101d84ea9c8e1fb28ec889506926f
- SHA512
  
  b25f6f56d752ba74e6f9960b38607b4b525932280b37f42877faa9fbde3a48c1f2db94fe8c70d0b6002f7cc8d41a7de42fc6dbf1f5c700a581fc40f47be3ad26
- SSDEEP
  
  3072:f9BQf+L0ghfXmsHHFLXPi+8iJeWE77SO6xkPINWHj7FW5Jjp:f9uWL0gh/mIHFDPi+5J9NiX1E
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2