3031ee6ba5187fc441cdb27a84fdd225c16347267c5adfed219f3975034d082f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3031ee6ba5187fc441cdb27a84fdd225c16347267c5adfed219f3975034d082f
Size

172KB
Sample

221201-zjec2adb5w
MD5

4b38173517e39afebab1baf07a376469
SHA1

c2d67e3d521b67d301ba4a30073d9dea5429b077
SHA256

3031ee6ba5187fc441cdb27a84fdd225c16347267c5adfed219f3975034d082f
SHA512

dfdbac7e9dede48bdba05fcc2bf6074848c18fd333b7cd43ad127edc879d298d9a685fdba51f123beedd73c8ee7826a9c6ddddd6fd5e5434165472557f8449d9
SSDEEP

3072:kBAp5XhKpN4eOyVTGfhEClj8jTk+0hDx4jpVCTmcCu45oS48lFT0Vqtq5YyjkkrU:zbXE9OiTGfhEClq9i4EVmJ/

Score

8^/10

Malware Config

Targets

- Target
  
  3031ee6ba5187fc441cdb27a84fdd225c16347267c5adfed219f3975034d082f
- Size
  
  172KB
- MD5
  
  4b38173517e39afebab1baf07a376469
- SHA1
  
  c2d67e3d521b67d301ba4a30073d9dea5429b077
- SHA256
  
  3031ee6ba5187fc441cdb27a84fdd225c16347267c5adfed219f3975034d082f
- SHA512
  
  dfdbac7e9dede48bdba05fcc2bf6074848c18fd333b7cd43ad127edc879d298d9a685fdba51f123beedd73c8ee7826a9c6ddddd6fd5e5434165472557f8449d9
- SSDEEP
  
  3072:kBAp5XhKpN4eOyVTGfhEClj8jTk+0hDx4jpVCTmcCu45oS48lFT0Vqtq5YyjkkrU:zbXE9OiTGfhEClq9i4EVmJ/
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2