2f4959abf1dbf0873f6ae69964ad3716bd3637b1a01b9a6c245cb731dba0ce54 | Triage

Sharing

General

Target

2f4959abf1dbf0873f6ae69964ad3716bd3637b1a01b9a6c245cb731dba0ce54
Size

164KB
Sample

221129-tfwj9add43
MD5

73e528627d92ef4353b1fe1747fe7396
SHA1

9c611a3abc95efc559d0b230d4bf70318b9953b4
SHA256

2f4959abf1dbf0873f6ae69964ad3716bd3637b1a01b9a6c245cb731dba0ce54
SHA512

153f5951b0d6bda3afe8225d2eb6c2c0b822a58b013051a01b8d28c146154c349cbd878a63047ef73fb64397add3783884ada94d6b332122344a17bb7e8875f1
SSDEEP

3072:2BAp5XhKpN4eOyVTGfhEClj8jTk+0hUlYJxp5++++++++H+++++++0G:tbXE9OiTGfhEClq99s5++++++++H+++r

Score

8^/10

Malware Config

Targets

- Target
  
  2f4959abf1dbf0873f6ae69964ad3716bd3637b1a01b9a6c245cb731dba0ce54
- Size
  
  164KB
- MD5
  
  73e528627d92ef4353b1fe1747fe7396
- SHA1
  
  9c611a3abc95efc559d0b230d4bf70318b9953b4
- SHA256
  
  2f4959abf1dbf0873f6ae69964ad3716bd3637b1a01b9a6c245cb731dba0ce54
- SHA512
  
  153f5951b0d6bda3afe8225d2eb6c2c0b822a58b013051a01b8d28c146154c349cbd878a63047ef73fb64397add3783884ada94d6b332122344a17bb7e8875f1
- SSDEEP
  
  3072:2BAp5XhKpN4eOyVTGfhEClj8jTk+0hUlYJxp5++++++++H+++++++0G:tbXE9OiTGfhEClq99s5++++++++H+++r
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2