6394153f5ab99431eb629f0994316c886150f55b7db807ad8d1dfa84a84c9971 | Triage

Sharing

General

Target

6394153f5ab99431eb629f0994316c886150f55b7db807ad8d1dfa84a84c9971
Size

19KB
Sample

221121-vqsrsaeb2w
MD5

09b618ae615e2ad65adfb73558b8cac6
SHA1

a7b73fcc370eb13833547ce5b713115903fef08b
SHA256

6394153f5ab99431eb629f0994316c886150f55b7db807ad8d1dfa84a84c9971
SHA512

cfa9896deb80b50bafb9c1de0a450f2663237ccd75eab4f85adc4497894400d349f9331422954c2fcc22cfe2b0c839ae0616b6599e78b30afa2dcde45b385c1d
SSDEEP

384:+7ZfapsmVHgRK/rJ1OetA8gA49lBrenVyG+ftl:OpgTARK/rRggV8tl

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  6394153f5ab99431eb629f0994316c886150f55b7db807ad8d1dfa84a84c9971
- Size
  
  19KB
- MD5
  
  09b618ae615e2ad65adfb73558b8cac6
- SHA1
  
  a7b73fcc370eb13833547ce5b713115903fef08b
- SHA256
  
  6394153f5ab99431eb629f0994316c886150f55b7db807ad8d1dfa84a84c9971
- SHA512
  
  cfa9896deb80b50bafb9c1de0a450f2663237ccd75eab4f85adc4497894400d349f9331422954c2fcc22cfe2b0c839ae0616b6599e78b30afa2dcde45b385c1d
- SSDEEP
  
  384:+7ZfapsmVHgRK/rJ1OetA8gA49lBrenVyG+ftl:OpgTARK/rRggV8tl
Score

8^/10

discovery
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2