ducktail | e36cb720d65332ede19b931c078296472dfad9e593a16005f18298eebec450dc | Triage

Sharing

General

Target

e36cb720d65332ede19b931c078296472dfad9e593a16005f18298eebec450dc
Size

166.6MB
Sample

240228-b72lgagd93
MD5

909b8ff542a9f0d3b1a76ba0fa5f036b
SHA1

5b65415a26d06022622521311a69d46b2baed898
SHA256

e36cb720d65332ede19b931c078296472dfad9e593a16005f18298eebec450dc
SHA512

6554d104763b1270c48301308a5c85d402bba6054536e58f8f2be20672b7c2f5bd6355a14754b8728777dfeb3e72fb58e0d073ef280b3f16241531a1baeacd74
SSDEEP

1572864:hytl8IZ6lU/gmq2tuB+chCE9BQs/vvKMz5etQzI:onZ6O/gmrYB+ch/9l/3KMz5etQU

Score

10^/10

ducktail

Malware Config

Targets

- Target
  
  e36cb720d65332ede19b931c078296472dfad9e593a16005f18298eebec450dc
- Size
  
  166.6MB
- MD5
  
  909b8ff542a9f0d3b1a76ba0fa5f036b
- SHA1
  
  5b65415a26d06022622521311a69d46b2baed898
- SHA256
  
  e36cb720d65332ede19b931c078296472dfad9e593a16005f18298eebec450dc
- SHA512
  
  6554d104763b1270c48301308a5c85d402bba6054536e58f8f2be20672b7c2f5bd6355a14754b8728777dfeb3e72fb58e0d073ef280b3f16241531a1baeacd74
- SSDEEP
  
  1572864:hytl8IZ6lU/gmq2tuB+chCE9BQs/vvKMz5etQzI:onZ6O/gmrYB+ch/9l/3KMz5etQU
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2