96b32cf057284f68cfca119a9560954ee76f9a7f7634e545c15d9b3b70566bbb | Triage

Sharing

General

Target

1a4d0807e2bfc6217e8ccdd1909111a2
Size

248KB
Sample

231230-qycnbadce7
MD5

1a4d0807e2bfc6217e8ccdd1909111a2
SHA1

eefc705d2ad689bd3aea4466cbcaebdb649d2f99
SHA256

96b32cf057284f68cfca119a9560954ee76f9a7f7634e545c15d9b3b70566bbb
SHA512

9845bcecdc54212da2c4db48b8cdeac23f433186d7809919c71db8c54edae5fbeb1ef1f50bfdde34ef41fe0eeea59ec7eb60bf46ad209a80aec4263ae9bcabcc
SSDEEP

6144:0HCyQXDsXB89crVEtKsv8sg+UrUDJAnnni8VPhNtj/t6pHt:0HCyQQRfrVET8sg+TDqnnnhNLtjViHt

Score

7^/10

Malware Config

Targets

- Target
  
  1a4d0807e2bfc6217e8ccdd1909111a2
- Size
  
  248KB
- MD5
  
  1a4d0807e2bfc6217e8ccdd1909111a2
- SHA1
  
  eefc705d2ad689bd3aea4466cbcaebdb649d2f99
- SHA256
  
  96b32cf057284f68cfca119a9560954ee76f9a7f7634e545c15d9b3b70566bbb
- SHA512
  
  9845bcecdc54212da2c4db48b8cdeac23f433186d7809919c71db8c54edae5fbeb1ef1f50bfdde34ef41fe0eeea59ec7eb60bf46ad209a80aec4263ae9bcabcc
- SSDEEP
  
  6144:0HCyQXDsXB89crVEtKsv8sg+UrUDJAnnni8VPhNtj/t6pHt:0HCyQQRfrVET8sg+TDqnnnhNLtjViHt
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2