fc0d1f8a91cda54140ec69ca9952db6dfacea05d29efe5be51d5e598e9164ff6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc0d1f8a91cda54140ec69ca9952db6dfacea05d29efe5be51d5e598e9164ff6
Size

232KB
Sample

221203-czmysaah71
MD5

51ea6c9538dfd0a722c9a182d0d4d020
SHA1

93020221d9b4caf13f5faaf2c2a7b9e4cc50ad70
SHA256

fc0d1f8a91cda54140ec69ca9952db6dfacea05d29efe5be51d5e598e9164ff6
SHA512

ecda334ccc1a1d890710802444f567a7803f4f9dbc61f6ecd774132b0499c0c3cd6dc02c3d5139a465e2fd26972dbcc9502f7b9e45a3098683852cf09dff03fd
SSDEEP

3072:0R+Cp0DSr9uwQn0cghycyWqsy4dg+PpkjdvwV7PXt2eC1hfcrEIygmFJZ:lCpZNcXWwpvwP9Ybb

Score

8^/10

Malware Config

Targets

- Target
  
  fc0d1f8a91cda54140ec69ca9952db6dfacea05d29efe5be51d5e598e9164ff6
- Size
  
  232KB
- MD5
  
  51ea6c9538dfd0a722c9a182d0d4d020
- SHA1
  
  93020221d9b4caf13f5faaf2c2a7b9e4cc50ad70
- SHA256
  
  fc0d1f8a91cda54140ec69ca9952db6dfacea05d29efe5be51d5e598e9164ff6
- SHA512
  
  ecda334ccc1a1d890710802444f567a7803f4f9dbc61f6ecd774132b0499c0c3cd6dc02c3d5139a465e2fd26972dbcc9502f7b9e45a3098683852cf09dff03fd
- SSDEEP
  
  3072:0R+Cp0DSr9uwQn0cghycyWqsy4dg+PpkjdvwV7PXt2eC1hfcrEIygmFJZ:lCpZNcXWwpvwP9Ybb
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2