e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7 | Triage

Sharing

General

Target

e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7
Size

208KB
Sample

231114-xhzapsdb52
MD5

0db48efce48f55d7337612906b419908
SHA1

437373019e49d916a132d53a85e9aee9fc42992e
SHA256

e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7
SHA512

6a3b8bd1bf097a064197000acd6308756d9131b3424e824565dacecaebcb350acf64f3d757c051442d25f28c61f956e7d68f5dadb87b05f13037e68cae541c6e
SSDEEP

6144:0ccNqCU8GLVlTJQZ2nrxLOEjIMiSN0PhoJ94B5tYR:nlTJQmrNOEjI1SN0Pi34LtI

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://r.dbfhdbkd.pw/gate/update.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://r.dbfhdbkd.pw/gate/update.php

Targets

- Target
  
  e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7
- Size
  
  208KB
- MD5
  
  0db48efce48f55d7337612906b419908
- SHA1
  
  437373019e49d916a132d53a85e9aee9fc42992e
- SHA256
  
  e2127d2e0a399c731054672bdc57cccc70ff11db384b525acc02e4a090c60cc7
- SHA512
  
  6a3b8bd1bf097a064197000acd6308756d9131b3424e824565dacecaebcb350acf64f3d757c051442d25f28c61f956e7d68f5dadb87b05f13037e68cae541c6e
- SSDEEP
  
  6144:0ccNqCU8GLVlTJQZ2nrxLOEjIMiSN0PhoJ94B5tYR:nlTJQmrNOEjI1SN0Pi34LtI
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2