806c6f10cf3ff2ddcfb8a3c9bb9f418c30b63b6eff5a62e94548d5156694b599 | Triage

Sharing

General

Target

806c6f10cf3ff2ddcfb8a3c9bb9f418c30b63b6eff5a62e94548d5156694b599
Size

5.8MB
Sample

230319-djjf4aef45
MD5

d8cc96a6cfa21dc89f5f1c252d0120f4
SHA1

06a654dbbd0525a03b78a177b7ec3ece1cf5f233
SHA256

806c6f10cf3ff2ddcfb8a3c9bb9f418c30b63b6eff5a62e94548d5156694b599
SHA512

f4131996d6a3df9617a6734ff8a31ad3ec47ab85f991c99ab57be05ccbd475d34f371fba7669d9c869118ef9619549ca14b70438e629b4d250f06f4087a2d80d
SSDEEP

98304:SuaSBtYKUEkxXk+b7FCOT7cZpyas3pY0Mv/QsiCZs4IiU1pANyNxd:feEky+T7kWYT/QF7pANyN

Score

8^/10

Malware Config

Targets

- Target
  
  806c6f10cf3ff2ddcfb8a3c9bb9f418c30b63b6eff5a62e94548d5156694b599
- Size
  
  5.8MB
- MD5
  
  d8cc96a6cfa21dc89f5f1c252d0120f4
- SHA1
  
  06a654dbbd0525a03b78a177b7ec3ece1cf5f233
- SHA256
  
  806c6f10cf3ff2ddcfb8a3c9bb9f418c30b63b6eff5a62e94548d5156694b599
- SHA512
  
  f4131996d6a3df9617a6734ff8a31ad3ec47ab85f991c99ab57be05ccbd475d34f371fba7669d9c869118ef9619549ca14b70438e629b4d250f06f4087a2d80d
- SSDEEP
  
  98304:SuaSBtYKUEkxXk+b7FCOT7cZpyas3pY0Mv/QsiCZs4IiU1pANyNxd:feEky+T7kWYT/QF7pANyN
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2