44872c207b3bb2e1b26a4825ab8c287ca080503b5b3dc9e00f44954d21621de2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a5e0bee712d399b77c885a599878abc
Size

311KB
Sample

240214-ba6txsed64
MD5

9a5e0bee712d399b77c885a599878abc
SHA1

9318f3e398d032076b7ba9298e5926f7d0abe4c1
SHA256

44872c207b3bb2e1b26a4825ab8c287ca080503b5b3dc9e00f44954d21621de2
SHA512

0ecd5de1817707e32b15d0f1e450aa10b6ac55b0d15f86e79815adb210b9e378ee8df5f6da57149c4e658976dbbac6c7b5d5f2150a2d2c17ceb4f7ae4d8d659f
SSDEEP

6144:OHg5SUDjbB16A5XX+ld1cUbZNB9bGlXjjXTZSUKl7s0IWqUh:RnX27JTB9bqtrcXJh

Score

7^/10

Malware Config

Targets

- Target
  
  9a5e0bee712d399b77c885a599878abc
- Size
  
  311KB
- MD5
  
  9a5e0bee712d399b77c885a599878abc
- SHA1
  
  9318f3e398d032076b7ba9298e5926f7d0abe4c1
- SHA256
  
  44872c207b3bb2e1b26a4825ab8c287ca080503b5b3dc9e00f44954d21621de2
- SHA512
  
  0ecd5de1817707e32b15d0f1e450aa10b6ac55b0d15f86e79815adb210b9e378ee8df5f6da57149c4e658976dbbac6c7b5d5f2150a2d2c17ceb4f7ae4d8d659f
- SSDEEP
  
  6144:OHg5SUDjbB16A5XX+ld1cUbZNB9bGlXjjXTZSUKl7s0IWqUh:RnX27JTB9bqtrcXJh
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2