940c2237b8cdb75574c2d30533c2e6560b34c038209579a588a76c35aea21b82 | Triage

Sharing

General

Target

Excz0.lib_mpgh.net.zip
Size

13.1MB
Sample

230309-ygme7ahh92
MD5

6befe1489fb99235fd2c54bbd18ed4da
SHA1

b647c8254c139c1aad178f1d6c51718371798779
SHA256

940c2237b8cdb75574c2d30533c2e6560b34c038209579a588a76c35aea21b82
SHA512

a9658762ef715034ed11f9d067fcaf75f6c8fc751513f24cf1fb58fae6768a4b1af82fce0f2ce26c2f7c516ead8ba4f5d32efef2a17caebdd7660afa9f48fb23
SSDEEP

196608:THfhTmJ0XUqkCC23b2WzLk4Y1VO3gkqJz+QDik+YdhjBQI8Ea0pwi0IUDEJ:7ZTGobNHzvY10fqti/4JrttUDEJ

Score

7^/10

Malware Config

Targets

- Target
  
  Excz0.lib_mpgh.net.zip
- Size
  
  13.1MB
- MD5
  
  6befe1489fb99235fd2c54bbd18ed4da
- SHA1
  
  b647c8254c139c1aad178f1d6c51718371798779
- SHA256
  
  940c2237b8cdb75574c2d30533c2e6560b34c038209579a588a76c35aea21b82
- SHA512
  
  a9658762ef715034ed11f9d067fcaf75f6c8fc751513f24cf1fb58fae6768a4b1af82fce0f2ce26c2f7c516ead8ba4f5d32efef2a17caebdd7660afa9f48fb23
- SSDEEP
  
  196608:THfhTmJ0XUqkCC23b2WzLk4Y1VO3gkqJz+QDik+YdhjBQI8Ea0pwi0IUDEJ:7ZTGobNHzvY10fqti/4JrttUDEJ
Score

1^/10
behavioral1
- Target
  
  Excz0.lib.dll
- Size
  
  13.7MB
- MD5
  
  bc30bf23e4b2089e7beb6dee6656b36b
- SHA1
  
  60413e8738971b2dbc694336fe6004822f738ddb
- SHA256
  
  6bacde421bff804efd0ab86980294cb2815e393ff8652d588041d2fd9465ed65
- SHA512
  
  0a2202e7885640b139309d286547fcaa93c164d65da80598e79c9557770114d52726bfcdea3fcaddbb3837ad86abe968c2564ec04dc56309038e264f5ce5974c
- SSDEEP
  
  393216:imNUyg6YH3mxBnM2lUukRka+tifXfmfguj4:im+yg6kmUyUuk+Wmfdj4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2