18f24e0983dc3a449e0dff309c309fe0794e6036cd31d850a78638d3060a836a | Triage

Sharing

General

Target

18f24e0983dc3a449e0dff309c309fe0794e6036cd31d850a78638d3060a836a
Size

180KB
Sample

221123-vvy5csda5v
MD5

c0e2bff5c7080984e53927eace8945db
SHA1

4cfe916cfa6806be5a4cfaa8ea0312c014179fea
SHA256

18f24e0983dc3a449e0dff309c309fe0794e6036cd31d850a78638d3060a836a
SHA512

6b3fc79fa100849221df0f2e370188c952d536283a33f9c791b724d4344212df5b4db3294d7777387fae055ba1c6aca378402b5a629c51917cc8b356abea4be1
SSDEEP

3072:fBAp5XhKpN4eOyVTGfhEClj8jTk+0hD+V64pfPFxi+:ibXE9OiTGfhEClq9VzfPFk+

Score

8^/10

Malware Config

Targets

- Target
  
  18f24e0983dc3a449e0dff309c309fe0794e6036cd31d850a78638d3060a836a
- Size
  
  180KB
- MD5
  
  c0e2bff5c7080984e53927eace8945db
- SHA1
  
  4cfe916cfa6806be5a4cfaa8ea0312c014179fea
- SHA256
  
  18f24e0983dc3a449e0dff309c309fe0794e6036cd31d850a78638d3060a836a
- SHA512
  
  6b3fc79fa100849221df0f2e370188c952d536283a33f9c791b724d4344212df5b4db3294d7777387fae055ba1c6aca378402b5a629c51917cc8b356abea4be1
- SSDEEP
  
  3072:fBAp5XhKpN4eOyVTGfhEClj8jTk+0hD+V64pfPFxi+:ibXE9OiTGfhEClq9VzfPFk+
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2