84151bf5826e3300a67914ca85ff63424a775876b7372da82110d48c216610e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

update_manager.exe
Size

100KB
Sample

231123-cv66vsfe75
MD5

df5cbc617d2472681ca28261574023c7
SHA1

f0f7d08b755eca7da6d0e534f8db9351b4a36f55
SHA256

84151bf5826e3300a67914ca85ff63424a775876b7372da82110d48c216610e6
SHA512

0b8316ead733bd2fd5368dc0372cddbf2e4aed7d96c83a581e09899e265316d947b9f1aa489001ddab7770d8b53371fe64cb0db055f731df69a89d06c7200e56
SSDEEP

3072:9ThRuiU7PEEukPe+RDlb9fAicrkcRRn1221K8nsi2S:9T5Uz5PekDlJfOk81D1znsq

Score

8^/10

Malware Config

Targets

- Target
  
  update_manager.exe
- Size
  
  100KB
- MD5
  
  df5cbc617d2472681ca28261574023c7
- SHA1
  
  f0f7d08b755eca7da6d0e534f8db9351b4a36f55
- SHA256
  
  84151bf5826e3300a67914ca85ff63424a775876b7372da82110d48c216610e6
- SHA512
  
  0b8316ead733bd2fd5368dc0372cddbf2e4aed7d96c83a581e09899e265316d947b9f1aa489001ddab7770d8b53371fe64cb0db055f731df69a89d06c7200e56
- SSDEEP
  
  3072:9ThRuiU7PEEukPe+RDlb9fAicrkcRRn1221K8nsi2S:9T5Uz5PekDlJfOk81D1znsq
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2