3b7d9ce838d439688e22bd770c6d2f7a3a3a9f8e61699d552c56bd9b747053c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b7d9ce838d439688e22bd770c6d2f7a3a3a9f8e61699d552c56bd9b747053c9
Size

3.1MB
Sample

221129-p3ywnsdd8v
MD5

9bd594e4e99d2b9a0e6e259e05f5c077
SHA1

8a9f51d82d1c87527d8d33a96fe085a19a8df301
SHA256

3b7d9ce838d439688e22bd770c6d2f7a3a3a9f8e61699d552c56bd9b747053c9
SHA512

c97383e34d4d23aab1066fcb0cb4e45edf3caaa945bc8fd6ffe9791424b6715fe90d07e5b288e195e45aee928cd4a91fcadbaefb5ce9d20688c690152282eba9
SSDEEP

49152:S9vzBzNqtuxfSOsRRODpK3zl3ZkPmnA0BM56rZ/mfTn+BHZxZ:SRBzNAROD4AmA0BjrZ/R5P

Score

8^/10

Malware Config

Targets

- Target
  
  3b7d9ce838d439688e22bd770c6d2f7a3a3a9f8e61699d552c56bd9b747053c9
- Size
  
  3.1MB
- MD5
  
  9bd594e4e99d2b9a0e6e259e05f5c077
- SHA1
  
  8a9f51d82d1c87527d8d33a96fe085a19a8df301
- SHA256
  
  3b7d9ce838d439688e22bd770c6d2f7a3a3a9f8e61699d552c56bd9b747053c9
- SHA512
  
  c97383e34d4d23aab1066fcb0cb4e45edf3caaa945bc8fd6ffe9791424b6715fe90d07e5b288e195e45aee928cd4a91fcadbaefb5ce9d20688c690152282eba9
- SSDEEP
  
  49152:S9vzBzNqtuxfSOsRRODpK3zl3ZkPmnA0BM56rZ/mfTn+BHZxZ:SRBzNAROD4AmA0BjrZ/R5P
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2