381fa08a936f706f9425de8488fa05c6ae3a785aee3e80b5d431190d8c51bd45 | Triage

Sharing

General

Target

381fa08a936f706f9425de8488fa05c6ae3a785aee3e80b5d431190d8c51bd45
Size

171KB
Sample

221123-vtzdqsch7s
MD5

5549061d2e7611b35d9e43a0f65852d2
SHA1

3ba933bcd5b8fe00bac9bd744a21a726e01c0ddc
SHA256

381fa08a936f706f9425de8488fa05c6ae3a785aee3e80b5d431190d8c51bd45
SHA512

b8d50871863c5c8087591c6104ba5cc73c796e2e6600ea173bbfca92356204cca5aa5be4e057b3e05753410e47d0b27e8a9869c28cf91f62ca8087568c58b08c
SSDEEP

3072:iBAp5XhKpN4eOyVTGfhEClj8jTk+0hGC4nJuQVCKTp6:xbXE9OiTGfhEClq9dCsTCKTE

Score

8^/10

Malware Config

Targets

- Target
  
  381fa08a936f706f9425de8488fa05c6ae3a785aee3e80b5d431190d8c51bd45
- Size
  
  171KB
- MD5
  
  5549061d2e7611b35d9e43a0f65852d2
- SHA1
  
  3ba933bcd5b8fe00bac9bd744a21a726e01c0ddc
- SHA256
  
  381fa08a936f706f9425de8488fa05c6ae3a785aee3e80b5d431190d8c51bd45
- SHA512
  
  b8d50871863c5c8087591c6104ba5cc73c796e2e6600ea173bbfca92356204cca5aa5be4e057b3e05753410e47d0b27e8a9869c28cf91f62ca8087568c58b08c
- SSDEEP
  
  3072:iBAp5XhKpN4eOyVTGfhEClj8jTk+0hGC4nJuQVCKTp6:xbXE9OiTGfhEClq9dCsTCKTE
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2