b54c040dc2864d99793e1849cde86bb2174e55a3dec837f79e4e20f7ec5e6923 | Triage

Sharing

General

Target

c853a830fa2530a233e4a1eaf84b4273.bin
Size

2.4MB
Sample

230928-cww3aagg49
MD5

1fe54ad117967a88e1288c460628eaea
SHA1

f1ddc5a054c7cc144102e2e03581139652d77f44
SHA256

b54c040dc2864d99793e1849cde86bb2174e55a3dec837f79e4e20f7ec5e6923
SHA512

e9a6815dbb4af07c8c17d23bde525942b853ccd7b36d6a4d3123d7ea74caf84d0c56f5db493b621f5dbdea664fe5385d749d78fc75d25817cbc51e37cff4364e
SSDEEP

49152:aXgtAGN3VlR3jbB0ZZ+Z2is1S1drygxICU3impOUEh2CQV8GQS+aWMROwKdtFS:aQdJj0ZZisY1xysInVOUFnQlbM4BFS

Score

8^/10

Malware Config

Targets

- Target
  
  304cbd6f5879343c68561f1f167415d9d70c24e011c1ec114fca4e885e5a9ae7.exe
- Size
  
  2.5MB
- MD5
  
  c853a830fa2530a233e4a1eaf84b4273
- SHA1
  
  e6dc164da3b49a6c30380773bb2bca70aa937cff
- SHA256
  
  304cbd6f5879343c68561f1f167415d9d70c24e011c1ec114fca4e885e5a9ae7
- SHA512
  
  d48da0b670fab03f558355d3869bda08deec5d6ff20264814498da0786968c62819457782e986df8bd95258d6216b6837ae7f7d90d7a719303c7abd571896af4
- SSDEEP
  
  49152:kA5ujhDMCeR3qwglCPz6ObJJoFj5OkuVoHKHEZD:kA5uj+wCL6VFF1HKHEV
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2