bf99b4450b710ccd383bec1da79e9e982378d813c70989c8df5fc085163f34cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf99b4450b710ccd383bec1da79e9e982378d813c70989c8df5fc085163f34cc
Size

6.5MB
Sample

221202-z7fwrsef73
MD5

77bf187ef5bc5f21dba21a66e1d295f8
SHA1

561cfa90761afd4855f7448948b7954e2b4bbee4
SHA256

bf99b4450b710ccd383bec1da79e9e982378d813c70989c8df5fc085163f34cc
SHA512

f2a4dafd6690e9a8621929ad171d6ca5e304e892a6edfb83cb10f7656b501bbc3f9628440511f242738ca3835fbe1ee274c7dd0ecf8eb453d3249f0507da2ee8
SSDEEP

196608:7o2GOxGAXbk+1Rp0SpC3idQSMWcOt99/5QV5:7xIgtw3kdR98V5

Score

9^/10

discovery

Malware Config

Targets

- Target
  
  bf99b4450b710ccd383bec1da79e9e982378d813c70989c8df5fc085163f34cc
- Size
  
  6.5MB
- MD5
  
  77bf187ef5bc5f21dba21a66e1d295f8
- SHA1
  
  561cfa90761afd4855f7448948b7954e2b4bbee4
- SHA256
  
  bf99b4450b710ccd383bec1da79e9e982378d813c70989c8df5fc085163f34cc
- SHA512
  
  f2a4dafd6690e9a8621929ad171d6ca5e304e892a6edfb83cb10f7656b501bbc3f9628440511f242738ca3835fbe1ee274c7dd0ecf8eb453d3249f0507da2ee8
- SSDEEP
  
  196608:7o2GOxGAXbk+1Rp0SpC3idQSMWcOt99/5QV5:7xIgtw3kdR98V5
Score

9^/10

discovery
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2