9c78e2b53d79f4ea0d694adc1ea31c352dc3c79ff0ceac865f62036ca9e6b8d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c78e2b53d79f4ea0d694adc1ea31c352dc3c79ff0ceac865f62036ca9e6b8d0
Size

839KB
Sample

221121-3qse1sbg75
MD5

4c68e3236c9035af979437d1647fb190
SHA1

6278578a2235775a5e5ab39e4ea649b32a047d3a
SHA256

9c78e2b53d79f4ea0d694adc1ea31c352dc3c79ff0ceac865f62036ca9e6b8d0
SHA512

65e6cb98740def433c89c361adee8a9e8b508b6a89f4b0d20e5769d09bc7cba3c1710ff96e8bc3fdd27c646c91b164c1ba220939a7f5e6c732fa33cdbc53c8cc
SSDEEP

24576:aUpkSNZ+5UnQtTN8FGIaScYQqSAOEBAtSdcENAOmgJ:aUiPkspdYIqSAOECLE2OmgJ

Score

8^/10

Malware Config

Targets

- Target
  
  9c78e2b53d79f4ea0d694adc1ea31c352dc3c79ff0ceac865f62036ca9e6b8d0
- Size
  
  839KB
- MD5
  
  4c68e3236c9035af979437d1647fb190
- SHA1
  
  6278578a2235775a5e5ab39e4ea649b32a047d3a
- SHA256
  
  9c78e2b53d79f4ea0d694adc1ea31c352dc3c79ff0ceac865f62036ca9e6b8d0
- SHA512
  
  65e6cb98740def433c89c361adee8a9e8b508b6a89f4b0d20e5769d09bc7cba3c1710ff96e8bc3fdd27c646c91b164c1ba220939a7f5e6c732fa33cdbc53c8cc
- SSDEEP
  
  24576:aUpkSNZ+5UnQtTN8FGIaScYQqSAOEBAtSdcENAOmgJ:aUiPkspdYIqSAOECLE2OmgJ
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2