12bea5e878327d4cc81db8421aebb1ca2eafad7cd88b695938d3aff425a4fb45 | Triage

Sharing

General

Target

1c4db9ab7ce0c5d5285f78e1007490bd
Size

513KB
Sample

231230-zq2f5sgbcp
MD5

1c4db9ab7ce0c5d5285f78e1007490bd
SHA1

d44356deca09b698652f6285b31e0fb161cd225b
SHA256

12bea5e878327d4cc81db8421aebb1ca2eafad7cd88b695938d3aff425a4fb45
SHA512

1504e384408da7c630a1a66924607f426052db93b58b07d398d47b9b9b9040ad99be50bd6bef519f6d2c41c2d149d2ae5ee5ab095b6507e001a24b75d20ac800
SSDEEP

12288:8oTfYuqyRLu5aCWoevfZ1PUxHmA7PGbdOv4c54e08MGH2:hDYu3GeAxHmA7PGsvF54e08MGW

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  1c4db9ab7ce0c5d5285f78e1007490bd
- Size
  
  513KB
- MD5
  
  1c4db9ab7ce0c5d5285f78e1007490bd
- SHA1
  
  d44356deca09b698652f6285b31e0fb161cd225b
- SHA256
  
  12bea5e878327d4cc81db8421aebb1ca2eafad7cd88b695938d3aff425a4fb45
- SHA512
  
  1504e384408da7c630a1a66924607f426052db93b58b07d398d47b9b9b9040ad99be50bd6bef519f6d2c41c2d149d2ae5ee5ab095b6507e001a24b75d20ac800
- SSDEEP
  
  12288:8oTfYuqyRLu5aCWoevfZ1PUxHmA7PGbdOv4c54e08MGH2:hDYu3GeAxHmA7PGsvF54e08MGW
Score

8^/10

evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2