8e4fe778ef3ae72481f795997506c6e0ad563804ef12a133ea1d79d5f14e8992 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e4fe778ef3ae72481f795997506c6e0ad563804ef12a133ea1d79d5f14e8992
Size

3.1MB
Sample

221129-n4l3tsae3z
MD5

a2c1b4770640c505536fde78f90cf2be
SHA1

50d2b1fbc45b887c6d1ec499dc5a1a30a043af1d
SHA256

8e4fe778ef3ae72481f795997506c6e0ad563804ef12a133ea1d79d5f14e8992
SHA512

2f5015e628de06c03337f80de44eb4a0a8eeff06e84649d692c9c789cc0bac06e212b933610ca3fa95bd3b691f3ca4c3489172fe39c9adaaecd931574f405dd3
SSDEEP

49152:a5GDzlyudRxDSO0NhmHPKPXBT9YHCqSfN2tNNrZhA1T9+wHZxZ:aMzly/hmHCEC3fNgrZhy5P

Score

8^/10

Malware Config

Targets

- Target
  
  8e4fe778ef3ae72481f795997506c6e0ad563804ef12a133ea1d79d5f14e8992
- Size
  
  3.1MB
- MD5
  
  a2c1b4770640c505536fde78f90cf2be
- SHA1
  
  50d2b1fbc45b887c6d1ec499dc5a1a30a043af1d
- SHA256
  
  8e4fe778ef3ae72481f795997506c6e0ad563804ef12a133ea1d79d5f14e8992
- SHA512
  
  2f5015e628de06c03337f80de44eb4a0a8eeff06e84649d692c9c789cc0bac06e212b933610ca3fa95bd3b691f3ca4c3489172fe39c9adaaecd931574f405dd3
- SSDEEP
  
  49152:a5GDzlyudRxDSO0NhmHPKPXBT9YHCqSfN2tNNrZhA1T9+wHZxZ:aMzly/hmHCEC3fNgrZhy5P
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2