9648260ebd6d42670ad21a574f72ba079083356be040ac602b7071c86b170687 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9648260ebd6d42670ad21a574f72ba079083356be040ac602b7071c86b170687
Size

12.2MB
Sample

221127-ybjgcaha8s
MD5

0f545affdee42c330ca5ee4641e63d07
SHA1

ffea3be216fb79232b578400519a9de7e93072ad
SHA256

9648260ebd6d42670ad21a574f72ba079083356be040ac602b7071c86b170687
SHA512

3835cbd2cf30065fe7490cc534bc198f9bb95c477ffd8d6ad75c71a0b4b0629e01ecaa153abe3f6404d1d474de1a8ea2d4b210ca43ed88fb55a35c28cd370367
SSDEEP

196608:NCkADDdvUhbOUJ6jettPnjePhHBL8WLQUfuVECguLiXw5cQnnUHGuSjvpXd0LHz8:NC/DdcjJ6ieZhLTLQUfuVElXOn000LTE

Score

8^/10

Malware Config

Targets

- Target
  
  9648260ebd6d42670ad21a574f72ba079083356be040ac602b7071c86b170687
- Size
  
  12.2MB
- MD5
  
  0f545affdee42c330ca5ee4641e63d07
- SHA1
  
  ffea3be216fb79232b578400519a9de7e93072ad
- SHA256
  
  9648260ebd6d42670ad21a574f72ba079083356be040ac602b7071c86b170687
- SHA512
  
  3835cbd2cf30065fe7490cc534bc198f9bb95c477ffd8d6ad75c71a0b4b0629e01ecaa153abe3f6404d1d474de1a8ea2d4b210ca43ed88fb55a35c28cd370367
- SSDEEP
  
  196608:NCkADDdvUhbOUJ6jettPnjePhHBL8WLQUfuVECguLiXw5cQnnUHGuSjvpXd0LHz8:NC/DdcjJ6ieZhLTLQUfuVElXOn000LTE
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2