84903b651224fb54e9d931255fead5152c3ec9b5b6bbe2c24191d4bd1eeba441 | Triage

Sharing

General

Target

55dfa7907b2874b0fab13c6fc271f0a592b60f320cd43349805bd74c41a527d3.bin.zip
Size

2.4MB
Sample

240123-q1q9gsahcj
MD5

ae1fb3b93817e88a3ed9c3ce704ba802
SHA1

00777591bc9a0dace30e1d183cfc9261ad20cfa9
SHA256

84903b651224fb54e9d931255fead5152c3ec9b5b6bbe2c24191d4bd1eeba441
SHA512

4ab6e5a92c02976b706a28906ae62de0acfe01ad8d154c7574c66c56a3dd831c16d8d4bc937ef0c3f15499e4789045cdb9955f160c2662f08f3511e0592ca276
SSDEEP

49152:FSlFn6QaU66MsT1SPnhSgA+Lyo6rfsN1TYu5aK8/oztCTApszfqoLFEZ0wQ:8taUB/T1S/hSCvufkYTP/oRMwsDqoLC0

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  55dfa7907b2874b0fab13c6fc271f0a592b60f320cd43349805bd74c41a527d3.bin.zip
- Size
  
  2.4MB
- MD5
  
  ae1fb3b93817e88a3ed9c3ce704ba802
- SHA1
  
  00777591bc9a0dace30e1d183cfc9261ad20cfa9
- SHA256
  
  84903b651224fb54e9d931255fead5152c3ec9b5b6bbe2c24191d4bd1eeba441
- SHA512
  
  4ab6e5a92c02976b706a28906ae62de0acfe01ad8d154c7574c66c56a3dd831c16d8d4bc937ef0c3f15499e4789045cdb9955f160c2662f08f3511e0592ca276
- SSDEEP
  
  49152:FSlFn6QaU66MsT1SPnhSgA+Lyo6rfsN1TYu5aK8/oztCTApszfqoLFEZ0wQ:8taUB/T1S/hSCvufkYTP/oRMwsDqoLC0
Score

1^/10
behavioral1 behavioral2
- Target
  
  55dfa7907b2874b0fab13c6fc271f0a592b60f320cd43349805bd74c41a527d3.bin
- Size
  
  5.2MB
- MD5
  
  ad9a285c86947f6787abde86af660bf6
- SHA1
  
  c248384c2add3ebd51ea1937488a5b4d6485adae
- SHA256
  
  55dfa7907b2874b0fab13c6fc271f0a592b60f320cd43349805bd74c41a527d3
- SHA512
  
  b156629c2fbf7f572db10f86a3a0fee9e4a0c80f2abb8c42e64ef1716e877d49ea06f14fe717cff7817b4c88a9d0ad4bc915eec1684eb48285668d6e3d900c1c
- SSDEEP
  
  98304:Scv6o0pEg1yGek92HD/uOfdorTEGIBq2JfCTGIYZt+ri9:Sc+nMGeXj/rfdorTEGfYZt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4