9a1c1ab02264fa8b50d5477d2795c5cf7a6bb58541ddcc7fcd2f08b7266164f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pharmacy_3_0_1703131.exe
Size

22.3MB
Sample

230615-qfb9tshc4x
MD5

383c4a35016c3d52fded95e5b3d7b0d6
SHA1

b50c12d6a616271f02624ba03f4832da5d9aa552
SHA256

9a1c1ab02264fa8b50d5477d2795c5cf7a6bb58541ddcc7fcd2f08b7266164f3
SHA512

aff3c66713acce63adb2c7e31deee27b46ba909f80302467c7161e9f1ee10c3c4f81d35d37e88a7ad485480255806748a33737da438c8d530981bd39931b67ba
SSDEEP

393216:iVx/QIaSzAmbL6X3bRFZUVcum/93xgRAe8ZpGthVIyHozF+QKFZT2rII:OQ0zA6Mb3ZUVDm5aRt8ZWhM5K3TeII

Score

7^/10

Malware Config

Targets

- Target
  
  pharmacy_3_0_1703131.exe
- Size
  
  22.3MB
- MD5
  
  383c4a35016c3d52fded95e5b3d7b0d6
- SHA1
  
  b50c12d6a616271f02624ba03f4832da5d9aa552
- SHA256
  
  9a1c1ab02264fa8b50d5477d2795c5cf7a6bb58541ddcc7fcd2f08b7266164f3
- SHA512
  
  aff3c66713acce63adb2c7e31deee27b46ba909f80302467c7161e9f1ee10c3c4f81d35d37e88a7ad485480255806748a33737da438c8d530981bd39931b67ba
- SSDEEP
  
  393216:iVx/QIaSzAmbL6X3bRFZUVcum/93xgRAe8ZpGthVIyHozF+QKFZT2rII:OQ0zA6Mb3ZUVDm5aRt8ZWhM5K3TeII
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2