b18c4fc2c6c99ea4529651bd40e4dc0feaecbce802b8c677ec6fa3b23c6be234 | Triage

Sharing

General

Target

b18c4fc2c6c99ea4529651bd40e4dc0feaecbce802b8c677ec6fa3b23c6be234
Size

333KB
Sample

221011-x3scwsbdbq
MD5

25a460611de50282a1263be194fe9d81
SHA1

7a3845f4225f9245cb1b8508be01a1ba8efd8450
SHA256

b18c4fc2c6c99ea4529651bd40e4dc0feaecbce802b8c677ec6fa3b23c6be234
SHA512

334b6c474393ca68b7f6d603d0f703c54977300302effd8607e36293e961bbfb589115831ef84075d65b479ffb2c467caa5d4b9d28d2e7a0811bad916bbca83b
SSDEEP

6144:0yI0Dzx0/zX1Uppzq2VmudvzB0gmKZG/eZ+dXqwNb00gNfoSc:E0DG/zXK/zq2Vpvzag/ZGmZo64bkfoSc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b18c4fc2c6c99ea4529651bd40e4dc0feaecbce802b8c677ec6fa3b23c6be234
- Size
  
  333KB
- MD5
  
  25a460611de50282a1263be194fe9d81
- SHA1
  
  7a3845f4225f9245cb1b8508be01a1ba8efd8450
- SHA256
  
  b18c4fc2c6c99ea4529651bd40e4dc0feaecbce802b8c677ec6fa3b23c6be234
- SHA512
  
  334b6c474393ca68b7f6d603d0f703c54977300302effd8607e36293e961bbfb589115831ef84075d65b479ffb2c467caa5d4b9d28d2e7a0811bad916bbca83b
- SSDEEP
  
  6144:0yI0Dzx0/zX1Uppzq2VmudvzB0gmKZG/eZ+dXqwNb00gNfoSc:E0DG/zXK/zq2Vpvzag/ZGmZo64bkfoSc
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2