06d6f8f80cf0c2f833444879d7d72db9f2cd709e9665aeb62fe39b9d22f0af72 | Triage

Sharing

General

Target

Video_0025.mp4.exe
Size

1.2MB
Sample

230109-gfmwwsgf9v
MD5

7354ed72f7bd7ccbf98e93d238404fd7
SHA1

49ec90ee62625696bdcb11095db568184c366d65
SHA256

06d6f8f80cf0c2f833444879d7d72db9f2cd709e9665aeb62fe39b9d22f0af72
SHA512

20e3c7a6771c48a7902099127486f82bd8565cad01d52db91f6045922f368778c59c61daf77ca598e376dbb3aac9921a5d679dac69a669a9d2f8819dac4bfd38
SSDEEP

24576:q/gl64awpHEU8qEORnGOLogpmdhrquAgBh6jbgtca+ZuB:RXDpEsRKkUtcc

Score

8^/10

Malware Config

Targets

- Target
  
  Video_0025.mp4.exe
- Size
  
  1.2MB
- MD5
  
  7354ed72f7bd7ccbf98e93d238404fd7
- SHA1
  
  49ec90ee62625696bdcb11095db568184c366d65
- SHA256
  
  06d6f8f80cf0c2f833444879d7d72db9f2cd709e9665aeb62fe39b9d22f0af72
- SHA512
  
  20e3c7a6771c48a7902099127486f82bd8565cad01d52db91f6045922f368778c59c61daf77ca598e376dbb3aac9921a5d679dac69a669a9d2f8819dac4bfd38
- SSDEEP
  
  24576:q/gl64awpHEU8qEORnGOLogpmdhrquAgBh6jbgtca+ZuB:RXDpEsRKkUtcc
Score

8^/10
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2