f15022d404e4fcb0e4dbe11c0f3b964a81f3a77a0e2c5d5c912eadf7c0a9392c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f15022d404e4fcb0e4dbe11c0f3b964a81f3a77a0e2c5d5c912eadf7c0a9392c
Size

2.5MB
Sample

231010-wwxtcshe63
MD5

e527ce778bb1adb4c6a6be889261f0a2
SHA1

ae80564e919c3c1aaba9feffc7b3acaa53814e18
SHA256

f15022d404e4fcb0e4dbe11c0f3b964a81f3a77a0e2c5d5c912eadf7c0a9392c
SHA512

5c2267bb03324e8434acf328798077625cda9eefa4c604eb6205e18154a77a20e1aaa81a3e7b4dae38889ad55ba8c39536609601740a425d2cef3d4ddcb70dbc
SSDEEP

49152:u25QmSMkkcYxal0ARDomlahIvy9Y6PTj/jpm5xmkmaC8uvY9/QXwgbYMHDl:u25QmeUxalVDoVhIq9Y6LDjpm5Wy9/Qd

Score

8^/10

Malware Config

Targets

- Target
  
  f15022d404e4fcb0e4dbe11c0f3b964a81f3a77a0e2c5d5c912eadf7c0a9392c
- Size
  
  2.5MB
- MD5
  
  e527ce778bb1adb4c6a6be889261f0a2
- SHA1
  
  ae80564e919c3c1aaba9feffc7b3acaa53814e18
- SHA256
  
  f15022d404e4fcb0e4dbe11c0f3b964a81f3a77a0e2c5d5c912eadf7c0a9392c
- SHA512
  
  5c2267bb03324e8434acf328798077625cda9eefa4c604eb6205e18154a77a20e1aaa81a3e7b4dae38889ad55ba8c39536609601740a425d2cef3d4ddcb70dbc
- SSDEEP
  
  49152:u25QmSMkkcYxal0ARDomlahIvy9Y6PTj/jpm5xmkmaC8uvY9/QXwgbYMHDl:u25QmeUxalVDoVhIq9Y6LDjpm5Wy9/Qd
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1