21659f7b55d30fd92b976f7eff8fc635d3e536926536ffeee79364afa68b77e9 | Triage

Sharing

General

Target

ceaeb5383e6c0589de9a73e409896478.exe
Size

424KB
Sample

221102-r9we8shfd6
MD5

ceaeb5383e6c0589de9a73e409896478
SHA1

4cabab69582fa3fb2e131ec4d84ba41e70b2919b
SHA256

21659f7b55d30fd92b976f7eff8fc635d3e536926536ffeee79364afa68b77e9
SHA512

cde384735bdc0c8d259d506bf6e229bbf7b7974b06fdadfe9734d9d8de3dc3852558cc92e868cd1c2b7b04b0961d1ca8ba1b166314a7a6cfdced0ef176e9e5c7
SSDEEP

12288:kTjrxyMe1PKMK/lGRgOUqmq9kR6lhKXZ4juje8y:+j4fPKMK/cRgOnmq9g66GUe8y

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  ceaeb5383e6c0589de9a73e409896478.exe
- Size
  
  424KB
- MD5
  
  ceaeb5383e6c0589de9a73e409896478
- SHA1
  
  4cabab69582fa3fb2e131ec4d84ba41e70b2919b
- SHA256
  
  21659f7b55d30fd92b976f7eff8fc635d3e536926536ffeee79364afa68b77e9
- SHA512
  
  cde384735bdc0c8d259d506bf6e229bbf7b7974b06fdadfe9734d9d8de3dc3852558cc92e868cd1c2b7b04b0961d1ca8ba1b166314a7a6cfdced0ef176e9e5c7
- SSDEEP
  
  12288:kTjrxyMe1PKMK/lGRgOUqmq9kR6lhKXZ4juje8y:+j4fPKMK/cRgOnmq9g66GUe8y
Score

8^/10

discovery
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2