a308f7caa78428ebcc7daa1c3c6d1b8c0c1ea364dc1e385683faf56d144244ed | Triage

Sharing

General

Target

a308f7caa78428ebcc7daa1c3c6d1b8c0c1ea364dc1e385683faf56d144244ed
Size

613KB
Sample

221106-ftam2sdfd5
MD5

3b82b316d22ec46e3fb7f49d4a15ad50
SHA1

a00c60dcf0b096682c7489add9a3fb5c01ed9cab
SHA256

a308f7caa78428ebcc7daa1c3c6d1b8c0c1ea364dc1e385683faf56d144244ed
SHA512

7562472de4f5fec1fb72cc4036e32b4cb297ad7210e80ad50c3939180e5d32256245c890b333e5ed619ac3b0fb99b4d570721c2b84e8c3c4bb4c48189c4fb288
SSDEEP

12288:VHjcoe9PH96vB/fAuBcm9TyOE/xG3muGx44MG4Yx:VDgINfAuBcgcZG2uG24MG4Y

Score

8^/10

Malware Config

Targets

- Target
  
  a308f7caa78428ebcc7daa1c3c6d1b8c0c1ea364dc1e385683faf56d144244ed
- Size
  
  613KB
- MD5
  
  3b82b316d22ec46e3fb7f49d4a15ad50
- SHA1
  
  a00c60dcf0b096682c7489add9a3fb5c01ed9cab
- SHA256
  
  a308f7caa78428ebcc7daa1c3c6d1b8c0c1ea364dc1e385683faf56d144244ed
- SHA512
  
  7562472de4f5fec1fb72cc4036e32b4cb297ad7210e80ad50c3939180e5d32256245c890b333e5ed619ac3b0fb99b4d570721c2b84e8c3c4bb4c48189c4fb288
- SSDEEP
  
  12288:VHjcoe9PH96vB/fAuBcm9TyOE/xG3muGx44MG4Yx:VDgINfAuBcgcZG2uG24MG4Y
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2