be349c826ca3b10d174dcc5acb735893b3844c1ec73feb736ad0c928d3493b87 | Triage

Sharing

General

Target

be349c826ca3b10d174dcc5acb735893b3844c1ec73feb736ad0c928d3493b87
Size

23KB
Sample

221002-plvspagcgl
MD5

6d5dc1090eac0cc936747ba95cd97b90
SHA1

078a7f696984cb9eed8563391ff4822e2f1b7935
SHA256

be349c826ca3b10d174dcc5acb735893b3844c1ec73feb736ad0c928d3493b87
SHA512

0f7d196eed632f00d44b9298e9a43bf09918773c1b77a1ac5a342deb6a4beec43a3a0e779425a73249bc8a872818367ea0d7654fe16d0c0c9b650bb530c76184
SSDEEP

384:boOEojW/znj1PcpJ6vWddlbjdI+CfkZC1CQB5AfjkC5CJC:bvsznj1tibjRCfkECdfjbCY

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  be349c826ca3b10d174dcc5acb735893b3844c1ec73feb736ad0c928d3493b87
- Size
  
  23KB
- MD5
  
  6d5dc1090eac0cc936747ba95cd97b90
- SHA1
  
  078a7f696984cb9eed8563391ff4822e2f1b7935
- SHA256
  
  be349c826ca3b10d174dcc5acb735893b3844c1ec73feb736ad0c928d3493b87
- SHA512
  
  0f7d196eed632f00d44b9298e9a43bf09918773c1b77a1ac5a342deb6a4beec43a3a0e779425a73249bc8a872818367ea0d7654fe16d0c0c9b650bb530c76184
- SSDEEP
  
  384:boOEojW/znj1PcpJ6vWddlbjdI+CfkZC1CQB5AfjkC5CJC:bvsznj1tibjRCfkECdfjbCY
Score

8^/10

discovery
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2