a25985a468a781ab884fd5efbcd8c588d77992eb145609f886f8fe357199e1fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a25985a468a781ab884fd5efbcd8c588d77992eb145609f886f8fe357199e1fe
Size

84KB
Sample

221202-chewvagb51
MD5

cac23f9475611a110440c44db327df68
SHA1

ba98060800275e0b07234982a69a77525dec3fd6
SHA256

a25985a468a781ab884fd5efbcd8c588d77992eb145609f886f8fe357199e1fe
SHA512

45286a4775e4444e574ac82b87fd8eb7cfc059906c2e90671c1ec0f53a9f33ca99dba7af5804c2d3d41f378df93ec7deeff224dbda1689d0417965517ab2509c
SSDEEP

1536:bQWQFGFI/PvgCRN59/iZCNfInuWUZGHVKDPfepBQzb7Ld4o6gF/Kos/:8rz/BRgsNfOPZI20HLdFSoQ

Score

8^/10

Malware Config

Targets

- Target
  
  PHOTO-DEVOCHKA.exe
- Size
  
  180KB
- MD5
  
  54fa63539b7dd53f6471ed6c74441a3c
- SHA1
  
  c543a83a98e75898d68c27cdad0af7488285bb20
- SHA256
  
  3503d7b765ab1715094a62e292fe214325e5e9875058e54df2aeecc402bb5b4e
- SHA512
  
  66d48398c3862cc20b33db9d3957ff6ac981c968d309d14e5b8cc38e8728b64b9443a51ae296c694c7cea98639b82a7d10359886b2830004582128d3e6119eb4
- SSDEEP
  
  3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hUysEzQsFgS9BA/y:AbXE9OiTGfhEClq9MsEzQsFgSd
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2