f79f64d379ff371576cba4994a7134e3a6957f348fba883d934f544e03f6c578 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f79f64d379ff371576cba4994a7134e3a6957f348fba883d934f544e03f6c578
Size

24.7MB
Sample

221206-gf5rpshh35
MD5

b30101feb3bf70c9badcdef6b0955767
SHA1

c157a1020944c9f3bc1c0d2624e7d391824500f8
SHA256

f79f64d379ff371576cba4994a7134e3a6957f348fba883d934f544e03f6c578
SHA512

dfa1e024a7bfbf0860cd9c087fcfb9db62dee73331dcc72c62847607dcbc45ddd64d036839b545e1b52746516a0aa42565745e8f394ecff2281acc15681f312f
SSDEEP

6144:KMd4bbFN+gS16KBDbbFN+gS16KBmbbFN+gS16KB6bbFN+gS16KB7bbFN+gS16KBM:Bd0EgyNEgyiEgyuEgydEgyIEgyS0R

Score

8^/10

Malware Config

Targets

- Target
  
  f79f64d379ff371576cba4994a7134e3a6957f348fba883d934f544e03f6c578
- Size
  
  24.7MB
- MD5
  
  b30101feb3bf70c9badcdef6b0955767
- SHA1
  
  c157a1020944c9f3bc1c0d2624e7d391824500f8
- SHA256
  
  f79f64d379ff371576cba4994a7134e3a6957f348fba883d934f544e03f6c578
- SHA512
  
  dfa1e024a7bfbf0860cd9c087fcfb9db62dee73331dcc72c62847607dcbc45ddd64d036839b545e1b52746516a0aa42565745e8f394ecff2281acc15681f312f
- SSDEEP
  
  6144:KMd4bbFN+gS16KBDbbFN+gS16KBmbbFN+gS16KB6bbFN+gS16KB7bbFN+gS16KBM:Bd0EgyNEgyiEgyuEgydEgyIEgyS0R
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2