9861e195763e14f267104f71b2eb2032954eef33febe3df786afdc02caff533d | Triage

Sharing

General

Target

9861e195763e14f267104f71b2eb2032954eef33febe3df786afdc02caff533d
Size

203KB
Sample

221129-pcth9sbc6x
MD5

c7111974649e431e7210a711acc3fd0c
SHA1

11b75b7ffe44f4d60ffb53bb6f1edbc89d0ca825
SHA256

9861e195763e14f267104f71b2eb2032954eef33febe3df786afdc02caff533d
SHA512

ab3cc66f212b69ae632b55c021df7cde8692e059d0f403175d9c77b218725b78d94f84be4e99a553786f8baf1f54425b7861e7cdf17b1b9f5d64f957e1b3639d
SSDEEP

3072:mBAp5XhKpN4eOyVTGfhEClj8jTk+0hu/MEPmWBMmvtGEcKJy9HnuthV9h+f2C8ww:dbXE9OiTGfhEClq9KEpz

Score

8^/10

Malware Config

Targets

- Target
  
  9861e195763e14f267104f71b2eb2032954eef33febe3df786afdc02caff533d
- Size
  
  203KB
- MD5
  
  c7111974649e431e7210a711acc3fd0c
- SHA1
  
  11b75b7ffe44f4d60ffb53bb6f1edbc89d0ca825
- SHA256
  
  9861e195763e14f267104f71b2eb2032954eef33febe3df786afdc02caff533d
- SHA512
  
  ab3cc66f212b69ae632b55c021df7cde8692e059d0f403175d9c77b218725b78d94f84be4e99a553786f8baf1f54425b7861e7cdf17b1b9f5d64f957e1b3639d
- SSDEEP
  
  3072:mBAp5XhKpN4eOyVTGfhEClj8jTk+0hu/MEPmWBMmvtGEcKJy9HnuthV9h+f2C8ww:dbXE9OiTGfhEClq9KEpz
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2