ab8b8a50b38cf7345e55dddf882511504fcc44ebabe2aa671708cc4b8b4e1795 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab8b8a50b38cf7345e55dddf882511504fcc44ebabe2aa671708cc4b8b4e1795
Size

184KB
Sample

221107-knmgwagea5
MD5

33a5c9ede38eb3c3a775ba24f18df3de
SHA1

2d35195af0d3143cd26706e6264d8b037f11a9a3
SHA256

ab8b8a50b38cf7345e55dddf882511504fcc44ebabe2aa671708cc4b8b4e1795
SHA512

3970e5039e43f32517c3ab3baa977a7c2bb620fcee85b4daff90f82158a5b36186049ba663e68788c281353867a4fa97c0005fbc9aeb649305b76943976b6379
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3A:/7BSH8zUB+nGESaaRvoB7FJNndnJ

Score

8^/10

Malware Config

Targets

- Target
  
  ab8b8a50b38cf7345e55dddf882511504fcc44ebabe2aa671708cc4b8b4e1795
- Size
  
  184KB
- MD5
  
  33a5c9ede38eb3c3a775ba24f18df3de
- SHA1
  
  2d35195af0d3143cd26706e6264d8b037f11a9a3
- SHA256
  
  ab8b8a50b38cf7345e55dddf882511504fcc44ebabe2aa671708cc4b8b4e1795
- SHA512
  
  3970e5039e43f32517c3ab3baa977a7c2bb620fcee85b4daff90f82158a5b36186049ba663e68788c281353867a4fa97c0005fbc9aeb649305b76943976b6379
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3A:/7BSH8zUB+nGESaaRvoB7FJNndnJ
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2