Triage | Malware sandboxing report by Hatching Triage

Resubmissions

26-05-2023 11:32

230526-nng4yaff9x 7

10-05-2021 12:23

210510-bzkexqlwbj 8

10-05-2021 12:10

210510-6t4bx42gea 1

10-05-2021 07:49

210510-j4bf3f86pe 8

Sharing

General

Target

6c9ed2415dc6402aeeae5abae80a20894840fc5598926721beaa13015859df1a
Size

56KB
Sample

230526-nng4yaff9x
MD5

08a2b527c9754115cd96b522912470d7
SHA1

b800d4fe171c48726dee92b73e91040640d9bd7b
SHA256

6c9ed2415dc6402aeeae5abae80a20894840fc5598926721beaa13015859df1a
SHA512

bc2ade2d8a3db0dd574c871e70f49a421517ef3857e8465e71bcc667fbd9e74b9e1c99480158f1648c79cd4f2e15eb7dcc7c8e5c84cafee46e14bab5b8485aa3
SSDEEP

768:crA7OfYq31eyfvpGK/nD7iuiR3W85tRfXP2LBNNd:oAi0NK/D7ih59PRPP

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  6c9ed2415dc6402aeeae5abae80a20894840fc5598926721beaa13015859df1a
- Size
  
  56KB
- MD5
  
  08a2b527c9754115cd96b522912470d7
- SHA1
  
  b800d4fe171c48726dee92b73e91040640d9bd7b
- SHA256
  
  6c9ed2415dc6402aeeae5abae80a20894840fc5598926721beaa13015859df1a
- SHA512
  
  bc2ade2d8a3db0dd574c871e70f49a421517ef3857e8465e71bcc667fbd9e74b9e1c99480158f1648c79cd4f2e15eb7dcc7c8e5c84cafee46e14bab5b8485aa3
- SSDEEP
  
  768:crA7OfYq31eyfvpGK/nD7iuiR3W85tRfXP2LBNNd:oAi0NK/D7ih59PRPP
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

Network Service Scanning

T1046

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1