cfe46388ad6462a24848a8dc11a172e67c8ff85ae07b8aa891999c4e1ae658a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfe46388ad6462a24848a8dc11a172e67c8ff85ae07b8aa891999c4e1ae658a1
Size

734KB
Sample

231030-m5bstace3t
MD5

5f5a77b1b044d7a8d86e95855483d3d8
SHA1

756acdb00a91162542f914686c5688058d3173c0
SHA256

cfe46388ad6462a24848a8dc11a172e67c8ff85ae07b8aa891999c4e1ae658a1
SHA512

2bcb2719129a4d5b67bf6b694d6e01e6f09bb50722cbf912820b3e17c4e084b55ac801098accb91b244334d6e314deaa1626037b0e2dd15fdea9b232147647df
SSDEEP

12288:spFd8xHK3r5NaTPuWYgeWYg955/155/p2pMQ/SSF5gcUTCmENSB8oG9iPYZO0:sq8VNaTcpMUF5+CmEFJ9HO

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  cfe46388ad6462a24848a8dc11a172e67c8ff85ae07b8aa891999c4e1ae658a1
- Size
  
  734KB
- MD5
  
  5f5a77b1b044d7a8d86e95855483d3d8
- SHA1
  
  756acdb00a91162542f914686c5688058d3173c0
- SHA256
  
  cfe46388ad6462a24848a8dc11a172e67c8ff85ae07b8aa891999c4e1ae658a1
- SHA512
  
  2bcb2719129a4d5b67bf6b694d6e01e6f09bb50722cbf912820b3e17c4e084b55ac801098accb91b244334d6e314deaa1626037b0e2dd15fdea9b232147647df
- SSDEEP
  
  12288:spFd8xHK3r5NaTPuWYgeWYg955/155/p2pMQ/SSF5gcUTCmENSB8oG9iPYZO0:sq8VNaTcpMUF5+CmEFJ9HO
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1