9e9cdc500aba915c0774caeb19543064db51f8a6c426d1e881a91eb4d7cb7409 | Triage

Sharing

General

Target

file.exe
Size

2.5MB
Sample

231005-yhh46aeh2z
MD5

0a5acc42c666a7cfebf9ea8db9005c6b
SHA1

de5d9e45289121015022e326c5899aa23060f777
SHA256

9e9cdc500aba915c0774caeb19543064db51f8a6c426d1e881a91eb4d7cb7409
SHA512

063db9f94aa40147f52fa60a8135cf57ec8943d99fb56160ad3cfcb07534b055c7498db8ec788069ed42821b16f8df3064d14b2d708fb9b1d61ab472fe7d27bf
SSDEEP

49152:Xs5jI+NyvqpBJheWy2pp0erKZCC/bPSRuIWE2VeOZZ1WbeD0ccnWj+Qh/:Xs5jI+NtBeWy2pp0RHSoIhqWbeDEnI/

Score

8^/10

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  2.5MB
- MD5
  
  0a5acc42c666a7cfebf9ea8db9005c6b
- SHA1
  
  de5d9e45289121015022e326c5899aa23060f777
- SHA256
  
  9e9cdc500aba915c0774caeb19543064db51f8a6c426d1e881a91eb4d7cb7409
- SHA512
  
  063db9f94aa40147f52fa60a8135cf57ec8943d99fb56160ad3cfcb07534b055c7498db8ec788069ed42821b16f8df3064d14b2d708fb9b1d61ab472fe7d27bf
- SSDEEP
  
  49152:Xs5jI+NyvqpBJheWy2pp0erKZCC/bPSRuIWE2VeOZZ1WbeD0ccnWj+Qh/:Xs5jI+NtBeWy2pp0RHSoIhqWbeDEnI/
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2