9cdfa8da66c134ae69bfbb10e6b4cb44d388fbd8e816ab837091c2f0707a2cb6 | Triage

Sharing

General

Target

PodcrashPlay_Setup.exe
Size

707KB
Sample

230210-pbf7jsga34
MD5

2aa5c8b47eb1dec0d01b5a3dbbfef0c7
SHA1

04fc2dc4387274e0fb4f4591f472b7f6ab401028
SHA256

9cdfa8da66c134ae69bfbb10e6b4cb44d388fbd8e816ab837091c2f0707a2cb6
SHA512

e9f83b5708806141ced3e3e8dc5d0dd597b0ee26eb3b43b11ee8a92526f975bf7141b9f81c4db3825ac421e048bace9a5fed721bdfdb137871f9b926f6946c40
SSDEEP

12288:W25SbROPLRKRCDPNKT1zH3ptaR1sDfOQSvJqFZ6F/u43h0gOvhI2DZX84R1:WoSwMgDu173pG1szLSvJw+/uMh0V8m1

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  PodcrashPlay_Setup.exe
- Size
  
  707KB
- MD5
  
  2aa5c8b47eb1dec0d01b5a3dbbfef0c7
- SHA1
  
  04fc2dc4387274e0fb4f4591f472b7f6ab401028
- SHA256
  
  9cdfa8da66c134ae69bfbb10e6b4cb44d388fbd8e816ab837091c2f0707a2cb6
- SHA512
  
  e9f83b5708806141ced3e3e8dc5d0dd597b0ee26eb3b43b11ee8a92526f975bf7141b9f81c4db3825ac421e048bace9a5fed721bdfdb137871f9b926f6946c40
- SSDEEP
  
  12288:W25SbROPLRKRCDPNKT1zH3ptaR1sDfOQSvJqFZ6F/u43h0gOvhI2DZX84R1:WoSwMgDu173pG1szLSvJw+/uMh0V8m1
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2