872ec2673f1bf43c1a97f3b72bf416ab3b7832a1472a535fa5eb1b3374be943d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

872ec2673f1bf43c1a97f3b72bf416ab3b7832a1472a535fa5eb1b3374be943d
Size

180KB
Sample

221107-ttk1nshgbq
MD5

7e401837eb093f039dc2ad7ebcd3d267
SHA1

e180683f987cd557b387189b026122f874a42c58
SHA256

872ec2673f1bf43c1a97f3b72bf416ab3b7832a1472a535fa5eb1b3374be943d
SHA512

44014fd0d14be849a0ccd34aa79a883f79f863c49b4e3a140b0031c6c34857a08987e019dbafc955426d5b7cf56fc0a1d7a0157aeaf327bcc59b6b3c0701e1a7
SSDEEP

3072:+BAp5XhKpN4eOyVTGfhEClj8jTk+0hxG8jQExTlO:VbXE9OiTGfhEClq99W9xg

Score

8^/10

Malware Config

Targets

- Target
  
  872ec2673f1bf43c1a97f3b72bf416ab3b7832a1472a535fa5eb1b3374be943d
- Size
  
  180KB
- MD5
  
  7e401837eb093f039dc2ad7ebcd3d267
- SHA1
  
  e180683f987cd557b387189b026122f874a42c58
- SHA256
  
  872ec2673f1bf43c1a97f3b72bf416ab3b7832a1472a535fa5eb1b3374be943d
- SHA512
  
  44014fd0d14be849a0ccd34aa79a883f79f863c49b4e3a140b0031c6c34857a08987e019dbafc955426d5b7cf56fc0a1d7a0157aeaf327bcc59b6b3c0701e1a7
- SSDEEP
  
  3072:+BAp5XhKpN4eOyVTGfhEClj8jTk+0hxG8jQExTlO:VbXE9OiTGfhEClq99W9xg
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2