09ceeefd3297e4ec6e500bb98bc0c8472f0e995834cba8a9673eeafd26117cff | Triage

Sharing

General

Target

09ceeefd3297e4ec6e500bb98bc0c8472f0e995834cba8a9673eeafd26117cff
Size

53KB
Sample

240112-2mse6sgac2
MD5

787b4125660d64a6865c5b5ffef6e192
SHA1

101956cf564c0d23fdabcc60f7afc0d879cd2d08
SHA256

09ceeefd3297e4ec6e500bb98bc0c8472f0e995834cba8a9673eeafd26117cff
SHA512

1df7b78d2d700fd7426c2abbeeab7a6d41e508f6d7d1ec844cd6d9b2f777872e8e4e1281e347b949180899f72337974e26d00610be6d7ee510a818845f83be60
SSDEEP

384:+hWFNiTzJhM4mWDXzuHRN7rpb045DNR9zO0q:7FNKz/Jbza1b9z

Score

8^/10

Malware Config

Targets

- Target
  
  09ceeefd3297e4ec6e500bb98bc0c8472f0e995834cba8a9673eeafd26117cff
- Size
  
  53KB
- MD5
  
  787b4125660d64a6865c5b5ffef6e192
- SHA1
  
  101956cf564c0d23fdabcc60f7afc0d879cd2d08
- SHA256
  
  09ceeefd3297e4ec6e500bb98bc0c8472f0e995834cba8a9673eeafd26117cff
- SHA512
  
  1df7b78d2d700fd7426c2abbeeab7a6d41e508f6d7d1ec844cd6d9b2f777872e8e4e1281e347b949180899f72337974e26d00610be6d7ee510a818845f83be60
- SSDEEP
  
  384:+hWFNiTzJhM4mWDXzuHRN7rpb045DNR9zO0q:7FNKz/Jbza1b9z
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2