07fa789834a65e05b5532bfdec7c36f595bb550748e075239734b4c0cfd5c918 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07fa789834a65e05b5532bfdec7c36f595bb550748e075239734b4c0cfd5c918
Size

248KB
Sample

221009-tapjrahbd9
MD5

8583e4670eb461c8b769f233393a3553
SHA1

cc80b1fa97a5b9a8e5324269d0bb9fc207829dbe
SHA256

07fa789834a65e05b5532bfdec7c36f595bb550748e075239734b4c0cfd5c918
SHA512

f2a600dcdfecac98cbf3081dc68fdf62273ab4eaaec8ad503ebc2b7e9692bf1231c24f86faea730e9d003a10c901e990592b9cc6e008d182fba784d093d403da
SSDEEP

6144:Udt56eh8ITcleMH9SDomjDBvMYos+CmDyZYIMsCIxl0J8koMAOZ5g:Udt56ehi/H9SDomjDBvMYojCmDu7Kxg

Score

8^/10

Malware Config

Targets

- Target
  
  07fa789834a65e05b5532bfdec7c36f595bb550748e075239734b4c0cfd5c918
- Size
  
  248KB
- MD5
  
  8583e4670eb461c8b769f233393a3553
- SHA1
  
  cc80b1fa97a5b9a8e5324269d0bb9fc207829dbe
- SHA256
  
  07fa789834a65e05b5532bfdec7c36f595bb550748e075239734b4c0cfd5c918
- SHA512
  
  f2a600dcdfecac98cbf3081dc68fdf62273ab4eaaec8ad503ebc2b7e9692bf1231c24f86faea730e9d003a10c901e990592b9cc6e008d182fba784d093d403da
- SSDEEP
  
  6144:Udt56eh8ITcleMH9SDomjDBvMYos+CmDyZYIMsCIxl0J8koMAOZ5g:Udt56ehi/H9SDomjDBvMYojCmDu7Kxg
Score

8^/10
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2