f1cd5c4148fd5b4b3110a6db16f4ed35564d602cbdb3387ef57c1fd4ee0387a6 | Triage

Sharing

General

Target

f1cd5c4148fd5b4b3110a6db16f4ed35564d602cbdb3387ef57c1fd4ee0387a6
Size

485KB
Sample

221127-appcraah3v
MD5

c5bf2c7164ded86dee218f8b2cdd6240
SHA1

2a449cf4e0245257efb5de510abb5142dca7d408
SHA256

f1cd5c4148fd5b4b3110a6db16f4ed35564d602cbdb3387ef57c1fd4ee0387a6
SHA512

c3ac84d8ba7d71d3ca0e2e322d0e6c356dc410858ad5b553043ac1a7d8c99a0026ea7f3a0ec0367890ee8e0fc33456eadf805bb88901eeb4378d953e16322e4a
SSDEEP

12288:eWfMj2ZCN0DBRViHwKOTijMp/rEVAi4kzxOWVTCejrZ3:eWkj2G0DrfKOeo1rnDkzo6T/Z

Score

7^/10

Malware Config

Targets

- Target
  
  AutoUpdater.exe
- Size
  
  52KB
- MD5
  
  adbfcfe903b503ba75b4899871ed01e7
- SHA1
  
  da819088055960574af94bc7e956a26029088bd6
- SHA256
  
  87c74be19716a88cfd0d144764e9035fb21be59152a1d9f1e9a209f4aafc9ec9
- SHA512
  
  47aecf0aa7104f6513306560ef12b4a8a9f4ba77f74c91a2d4ca15942dc04c06a9e9f72a9a36059fa87df84b1000ccdc3478f11a4c04274514719d7601d66efe
- SSDEEP
  
  768:DfFoAbdTT4lPBuhiJoolqAuBDnzlRmZpXZlona0eHnGQrZohce1j4:bFoAdTGPBRoLAuBvfmJhrOR4
Score

1^/10
behavioral1 behavioral2
- Target
  
  HtmlAgilityPack.dll
- Size
  
  131KB
- MD5
  
  d631f1924d735e079e61e6b46f0bacad
- SHA1
  
  0228bacf9d428f42f586ef60b3bea3c4af2275c2
- SHA256
  
  ecedc08c8000d839858af81d34d5b11b3cd68faa78aaf9446f4e8987c5247742
- SHA512
  
  5b009943f429fd1702ec27141cbd1d26875df2d6373d12e4086e700f0ec267709248a637c66edfc01114d61a478c00fdd7af657ecfd2e1fc3b187edc9b40288e
- SSDEEP
  
  3072:qt+WnshNlKiHdl0+lKC9aWqTiwXwpchBYL/Xy18PIZzhvf:cHnstnHeC9aW4iHMYDyZH
Score

1^/10
behavioral3 behavioral4
- Target
  
  Newtonsoft.Json.dll
- Size
  
  481KB
- MD5
  
  de4d52b1997b2777cbedebf687af9cc8
- SHA1
  
  3b76efa67537b299fb19baefb9543df8cadacdbb
- SHA256
  
  270fa30b6fb21d1e10e49cb2708cf925e575a3d0de2082bdbc7056532525dd7c
- SHA512
  
  6ae5569e8332a58a06c367453326a01d1d83a0a7e36383da26b687fc8a3a422cfc487c36b87081d6c757e5022a06241e50ec6a4ae0164d80c169c1a7c2f16c58
- SSDEEP
  
  6144:HBcXGgjw/pqItQPcBMhsYoGNo+BA50pqEOyTD9KakSr0tqBB/aN+moZJnwD:GmfQ0ChsYJJzxTQ0qoTn2
Score

1^/10
behavioral5 behavioral6
- Target
  
  System.Web.Helpers.dll
- Size
  
  127KB
- MD5
  
  c14bda2ef75c24726cbee0e3a07415a7
- SHA1
  
  c8bcc63d2f05553424877956e4f51b4493ff6790
- SHA256
  
  5b6711465ed2fa1268e1107416526ad8a30aea82126de7e64a7b3ef67b938f56
- SHA512
  
  a2a0d99b55a121d0c503b78a08c2efe14bcb89b33b8e791f91a889c402e0170ac9a51a88436fb8d88a6e08d62e338b7021e198f37bb1712803a6935ed7d467f8
- SSDEEP
  
  3072:DXS1Jky7/dOZK/ZkGXsYfBAE1ZAPPYIoDf1yGc2HHQ5De2d9bLE695so:LS1JkE/EcVXsY5AE1ZAPAIoDf1ANtL
Score

1^/10
behavioral7 behavioral8
- Target
  
  botInterface.exe
- Size
  
  270KB
- MD5
  
  ec72074a0200a81b2df067c6b50ea9b0
- SHA1
  
  b32541c4361f7a36fbfc8b06b93596ce1cd95bec
- SHA256
  
  a4275458dca8cd0b6755ead69986859e7b2f7b67f6ad78bfcacf189c4acca157
- SHA512
  
  d77d3dff1406f3814a978b431a8097d1b9933919e3657c4ce8facd7e74fef2942f9c48d3ebeb781fed83f956993b44a5687d7ac342987295afb29d60ebc41f99
- SSDEEP
  
  6144:zkIzuL6pznokBLpxlZiullWDcZsbMA+9YEekrBper4WiwxTEDx8Wfl8z+7G36oA1:z96ovZP6cZsbMAqDekrBpZLwuSW2zCQM
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10