ec22fe1001066151dcaba55d013dd5a69886ec09d947118a9682f4a673890512 | Triage

Sharing

General

Target

stripped.exe
Size

239KB
Sample

221221-n292wafd4w
MD5

4efaf3c856cbc3a0a9078e8105c4c2a1
SHA1

5258925002bbc57405578a59375dff67edfdfb6f
SHA256

ec22fe1001066151dcaba55d013dd5a69886ec09d947118a9682f4a673890512
SHA512

4949819f589a6042604879aae0424c9d172cf6e18b1e6ca01a53de6d136249a59fa3fe77e3cac56942499d7c319b7156b83db5c31711d36a58a219808e3a3f2f
SSDEEP

3072:HAcREh6pPlF7LCh8dM7QlBP5o3x8YcwIFU9OImpVYe3d3ROR:PKMpPlfy70zBYcwIe9DkL3pRO

Score

8^/10

Malware Config

Targets

- Target
  
  stripped.exe
- Size
  
  239KB
- MD5
  
  4efaf3c856cbc3a0a9078e8105c4c2a1
- SHA1
  
  5258925002bbc57405578a59375dff67edfdfb6f
- SHA256
  
  ec22fe1001066151dcaba55d013dd5a69886ec09d947118a9682f4a673890512
- SHA512
  
  4949819f589a6042604879aae0424c9d172cf6e18b1e6ca01a53de6d136249a59fa3fe77e3cac56942499d7c319b7156b83db5c31711d36a58a219808e3a3f2f
- SSDEEP
  
  3072:HAcREh6pPlF7LCh8dM7QlBP5o3x8YcwIFU9OImpVYe3d3ROR:PKMpPlfy70zBYcwIe9DkL3pRO
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2