b9b976e8da02c6913d881c3f7c9243fe9d061f1c6e66ae4f10cb3131ae0b95b3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9b976e8da02c6913d881c3f7c9243fe9d061f1c6e66ae4f10cb3131ae0b95b3
Size

6.1MB
Sample

221101-gqvpgshfbp
MD5

908415645c075819367689f7512ab4ea
SHA1

cfc5a6dc2ca46e00da6393828b20af02a8ec7209
SHA256

b9b976e8da02c6913d881c3f7c9243fe9d061f1c6e66ae4f10cb3131ae0b95b3
SHA512

d2d776ceec7426507149af088fd95bfb5916f10d95b92e1373b8a886c3e30b55c4ed9c84d14de6032dc038536092cf77f2dc4bdacda83cbb9ae1bc96905cdc34
SSDEEP

98304:70+NwsyVKInv+1YXPZE/5YXmekeJuOweiQ4VIBM3uqFSASKb1mAfhEv:wpRnvgoHXbkfX3jFxZvfSv

Score

8^/10

Malware Config

Targets

- Target
  
  b9b976e8da02c6913d881c3f7c9243fe9d061f1c6e66ae4f10cb3131ae0b95b3
- Size
  
  6.1MB
- MD5
  
  908415645c075819367689f7512ab4ea
- SHA1
  
  cfc5a6dc2ca46e00da6393828b20af02a8ec7209
- SHA256
  
  b9b976e8da02c6913d881c3f7c9243fe9d061f1c6e66ae4f10cb3131ae0b95b3
- SHA512
  
  d2d776ceec7426507149af088fd95bfb5916f10d95b92e1373b8a886c3e30b55c4ed9c84d14de6032dc038536092cf77f2dc4bdacda83cbb9ae1bc96905cdc34
- SSDEEP
  
  98304:70+NwsyVKInv+1YXPZE/5YXmekeJuOweiQ4VIBM3uqFSASKb1mAfhEv:wpRnvgoHXbkfX3jFxZvfSv
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1