409a48e7dc08568a41a9c097ed88f2a2d16ba48de66f69e0c4fc227a48126a0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

409a48e7dc08568a41a9c097ed88f2a2d16ba48de66f69e0c4fc227a48126a0d
Size

22KB
Sample

221030-v39aasdaaq
MD5

836d4ca8bc133405e96c3ede9c3dd0e0
SHA1

69aada5220f88d359a82585fee678912b43d9dd2
SHA256

409a48e7dc08568a41a9c097ed88f2a2d16ba48de66f69e0c4fc227a48126a0d
SHA512

98f7aac3b7456201f3ce9c84c80fdf99b7473dc9fda6f734f2a9a8b60c9b90ad55a7c9bff273e9baa37b9b196b4c4c22bbc097a6e240ed274cfbb19c3aae6b13
SSDEEP

384:IMAP4wZ6khYJRKiC0bz94calJJjjjCRAAAAA2+Y5Vnv44SY:IM0ZiLCWwJjjHsQW

Score

8^/10

Malware Config

Targets

- Target
  
  409a48e7dc08568a41a9c097ed88f2a2d16ba48de66f69e0c4fc227a48126a0d
- Size
  
  22KB
- MD5
  
  836d4ca8bc133405e96c3ede9c3dd0e0
- SHA1
  
  69aada5220f88d359a82585fee678912b43d9dd2
- SHA256
  
  409a48e7dc08568a41a9c097ed88f2a2d16ba48de66f69e0c4fc227a48126a0d
- SHA512
  
  98f7aac3b7456201f3ce9c84c80fdf99b7473dc9fda6f734f2a9a8b60c9b90ad55a7c9bff273e9baa37b9b196b4c4c22bbc097a6e240ed274cfbb19c3aae6b13
- SSDEEP
  
  384:IMAP4wZ6khYJRKiC0bz94calJJjjjCRAAAAA2+Y5Vnv44SY:IM0ZiLCWwJjjHsQW
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2