ca0b7b278e15c4fc3821b4881d70578cd6f2d54115844e2ddcb26c79b72975e8 | Triage

Sharing

General

Target

ca0b7b278e15c4fc3821b4881d70578cd6f2d54115844e2ddcb26c79b72975e8
Size

40KB
Sample

221202-2re1msbh69
MD5

faf56a676bda7ddf500e0e9b0da46922
SHA1

3e53f0fadd66cd7158fc0956693be7f1c0fcc72d
SHA256

ca0b7b278e15c4fc3821b4881d70578cd6f2d54115844e2ddcb26c79b72975e8
SHA512

105ad34c738831d3022a7ed6dc6dd7930841517a2f24b1673f3a0626ee5bfb80cf59a18cda00c039865e274c1f46ab96f1d5fe0d34135a503a1f6fb4d7b24c66
SSDEEP

384:BmqLxGnkItICO3+4NCwW/oFlRBdFCNFr/yIp13b8eWQf7H4t/c:VLxGB6COuP8lCljTiQTH4t/

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  ca0b7b278e15c4fc3821b4881d70578cd6f2d54115844e2ddcb26c79b72975e8
- Size
  
  40KB
- MD5
  
  faf56a676bda7ddf500e0e9b0da46922
- SHA1
  
  3e53f0fadd66cd7158fc0956693be7f1c0fcc72d
- SHA256
  
  ca0b7b278e15c4fc3821b4881d70578cd6f2d54115844e2ddcb26c79b72975e8
- SHA512
  
  105ad34c738831d3022a7ed6dc6dd7930841517a2f24b1673f3a0626ee5bfb80cf59a18cda00c039865e274c1f46ab96f1d5fe0d34135a503a1f6fb4d7b24c66
- SSDEEP
  
  384:BmqLxGnkItICO3+4NCwW/oFlRBdFCNFr/yIp13b8eWQf7H4t/c:VLxGB6COuP8lCljTiQTH4t/
Score

8^/10

discovery
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2