99ae9ea2c74275eb99f4b8d48a916fdf9afedf480bd87f01709d2aab77847656 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99ae9ea2c74275eb99f4b8d48a916fdf9afedf480bd87f01709d2aab77847656
Size

180KB
Sample

221030-swfcjagbc5
MD5

aed9324fda9a763f8406a61ff645c8b5
SHA1

73c7956d55f6c2f4b8f1cf77eac7a00cb5bbb370
SHA256

99ae9ea2c74275eb99f4b8d48a916fdf9afedf480bd87f01709d2aab77847656
SHA512

1c60f34742bef68f03fd4d1294d362a229e3499b29915b7a327fa5333de40ecd28bad03043a2d29a590bbaafc35cf8f62fb2962949a5957d2424ef8a574e90d8
SSDEEP

3072:JBAp5XhKpN4eOyVTGfhEClj8jTk+0hmj2MIx72b3GB+:MbXE9OiTGfhEClq91XIx72DD

Score

8^/10

Malware Config

Targets

- Target
  
  99ae9ea2c74275eb99f4b8d48a916fdf9afedf480bd87f01709d2aab77847656
- Size
  
  180KB
- MD5
  
  aed9324fda9a763f8406a61ff645c8b5
- SHA1
  
  73c7956d55f6c2f4b8f1cf77eac7a00cb5bbb370
- SHA256
  
  99ae9ea2c74275eb99f4b8d48a916fdf9afedf480bd87f01709d2aab77847656
- SHA512
  
  1c60f34742bef68f03fd4d1294d362a229e3499b29915b7a327fa5333de40ecd28bad03043a2d29a590bbaafc35cf8f62fb2962949a5957d2424ef8a574e90d8
- SSDEEP
  
  3072:JBAp5XhKpN4eOyVTGfhEClj8jTk+0hmj2MIx72b3GB+:MbXE9OiTGfhEClq91XIx72DD
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2