c0d7771ca073a73a069984ced217b3ad9b42929780c3bb6972b482db90c4b453 | Triage

Sharing

General

Target

c0d7771ca073a73a069984ced217b3ad9b42929780c3bb6972b482db90c4b453
Size

46KB
Sample

221106-ng4z5ahcd8
MD5

0a85f2c1aa969391cf6a2f1d2b9054c5
SHA1

0b61d668ad7d136cdf4e3fa473915ef9f972f129
SHA256

c0d7771ca073a73a069984ced217b3ad9b42929780c3bb6972b482db90c4b453
SHA512

bf234966215cb56f500488e6ecbdfc1f48101496eccc94d0f29e8bab4479fa0ad1c88cd02b0d08660c3d7e3d508173d646210de476bc889933e362137313cf02
SSDEEP

384:iqo1xiD53kXW6KRS9oYQKgltm743wHnewGNnREqFt+hPbbbb0:iFcZ29VQRnm7MwHn6NnREq2Nbbbb0

Score

8^/10

Malware Config

Targets

- Target
  
  c0d7771ca073a73a069984ced217b3ad9b42929780c3bb6972b482db90c4b453
- Size
  
  46KB
- MD5
  
  0a85f2c1aa969391cf6a2f1d2b9054c5
- SHA1
  
  0b61d668ad7d136cdf4e3fa473915ef9f972f129
- SHA256
  
  c0d7771ca073a73a069984ced217b3ad9b42929780c3bb6972b482db90c4b453
- SHA512
  
  bf234966215cb56f500488e6ecbdfc1f48101496eccc94d0f29e8bab4479fa0ad1c88cd02b0d08660c3d7e3d508173d646210de476bc889933e362137313cf02
- SSDEEP
  
  384:iqo1xiD53kXW6KRS9oYQKgltm743wHnewGNnREqFt+hPbbbb0:iFcZ29VQRnm7MwHn6NnREq2Nbbbb0
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2