34bb0cd22bc7f89044bd80ebfb5fa53dc6b80a49116de149abc42f9d5f1cb681 | Triage

Sharing

General

Target

6fb132a2e1b6a1154123d2103ff4c272
Size

37KB
Sample

240122-r32nnshbbk
MD5

6fb132a2e1b6a1154123d2103ff4c272
SHA1

c10ed3430472ed10462671877566a08c6797513b
SHA256

34bb0cd22bc7f89044bd80ebfb5fa53dc6b80a49116de149abc42f9d5f1cb681
SHA512

74504abd5111b889093f103d1ba2472af9ac79b4446856fd3e3fb76b364dfb99f7f63ec9593a78e3d11fe056438d9fa99d7e3b2ba6fd31facdd4f1382b6a540a
SSDEEP

768:UluWkqhwlINejcl5iFKPSwVfIK6DkOqJFFAg:s1zCobiFKPSwpIXYLAg

Score

7^/10

Malware Config

Targets

- Target
  
  6fb132a2e1b6a1154123d2103ff4c272
- Size
  
  37KB
- MD5
  
  6fb132a2e1b6a1154123d2103ff4c272
- SHA1
  
  c10ed3430472ed10462671877566a08c6797513b
- SHA256
  
  34bb0cd22bc7f89044bd80ebfb5fa53dc6b80a49116de149abc42f9d5f1cb681
- SHA512
  
  74504abd5111b889093f103d1ba2472af9ac79b4446856fd3e3fb76b364dfb99f7f63ec9593a78e3d11fe056438d9fa99d7e3b2ba6fd31facdd4f1382b6a540a
- SSDEEP
  
  768:UluWkqhwlINejcl5iFKPSwVfIK6DkOqJFFAg:s1zCobiFKPSwpIXYLAg
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2