21e7c7759adc4d5968c0979bb623e7362ee1deaa7acd36ee02e75473a8cee82c | Triage

Sharing

General

Target

21e7c7759adc4d5968c0979bb623e7362ee1deaa7acd36ee02e75473a8cee82c
Size

74KB
Sample

221004-d74f6sbah6
MD5

c1b46bf9654a5febe9095ce5bb591b39
SHA1

e94124a662f8c492a097cee840c6130ac8539372
SHA256

21e7c7759adc4d5968c0979bb623e7362ee1deaa7acd36ee02e75473a8cee82c
SHA512

de23ed4448a3f665a5a52f727000c0a7e5a775a74d20bf60add3019248ac92777d9bed37f4bdd8ce79c150d97c9d3d043fdfed0865dabf72018dc7d54118bbdd
SSDEEP

768:uVOHR6dyI0hkKH07P4XUNoPNnREquHcbbbbxNnREquHcbbbbaw:tCn4ENyNiKbbbbxNiKbbbb

Score

8^/10

Malware Config

Targets

- Target
  
  21e7c7759adc4d5968c0979bb623e7362ee1deaa7acd36ee02e75473a8cee82c
- Size
  
  74KB
- MD5
  
  c1b46bf9654a5febe9095ce5bb591b39
- SHA1
  
  e94124a662f8c492a097cee840c6130ac8539372
- SHA256
  
  21e7c7759adc4d5968c0979bb623e7362ee1deaa7acd36ee02e75473a8cee82c
- SHA512
  
  de23ed4448a3f665a5a52f727000c0a7e5a775a74d20bf60add3019248ac92777d9bed37f4bdd8ce79c150d97c9d3d043fdfed0865dabf72018dc7d54118bbdd
- SSDEEP
  
  768:uVOHR6dyI0hkKH07P4XUNoPNnREquHcbbbbxNnREquHcbbbbaw:tCn4ENyNiKbbbbxNiKbbbb
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2