7f6d4d38ceebb85ecc1afc3cc283f052767ba0fdeb24f2c391adca5b69ae10f8 | Triage

Sharing

General

Target

Archivo_DocumentoMSFANNJOCGYQTKPioydo.zip
Size

2.9MB
Sample

230315-v5xpaagf9y
MD5

7512be078f8da815959a345c3a8859c4
SHA1

6b9628f6eb23f5f691b0b67f814816ac56a37674
SHA256

7f6d4d38ceebb85ecc1afc3cc283f052767ba0fdeb24f2c391adca5b69ae10f8
SHA512

fc53893ffcc9aa4e66ee3ce67e44edba283aee0adac4b3430cb79b417173d15b6d66b680118cb0e1f1895dd2a1f9a4d471fb19cc07a05b5542616b1610ff27cd
SSDEEP

49152:NlhNmV+ElsB4shtssSIh30gbK3RJIfWyniyGA7yHtkPt9XNU2PzI78KzYDHJJUzQ:NlCQElC4aK985bK3RJkJUPN+9XN5PzIU

Score

7^/10

Malware Config

Targets

- Target
  
  Archivo_DocumentoMSFANNJOCGYQTKPioydo.exe
- Size
  
  266.4MB
- MD5
  
  2d9cfc546009a12e01f24e29d8082ca4
- SHA1
  
  e386f37d57185e4e421741381d9c7338cc8e1687
- SHA256
  
  459b562249bf69983535ebb552b753bb6f22758beeab803696527fe37e677a82
- SHA512
  
  15e0540bb9cce197a00dca77b83e268f13f2b5a7209284e316ec1f90fa2ba1260afad17790f44240b52d2d183ec96bfe0268b4b39b3898b066e038f0ee4c4e58
- SSDEEP
  
  98304:LZXKBJWxZ2+sZ5mgLjeQ3y1e2kGHPs1Xl:L1ysni16Pe1
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2