40e47a3ac1aedd13b13b02421cc6583d5544f88a3394d9d998fe9abebff29004 | Triage

Sharing

General

Target

b526d51bbe38d595f87a63d1d48efb51
Size

178KB
Sample

240305-t19bvacb57
MD5

b526d51bbe38d595f87a63d1d48efb51
SHA1

de9e489e6c9c15b9ea7d939f9906ef85e8466cb0
SHA256

40e47a3ac1aedd13b13b02421cc6583d5544f88a3394d9d998fe9abebff29004
SHA512

e1329df6ccf89c079ecd2b77e07e7e9e8720b5d5e6c08fc067355d60f0107455baa903ef438b33ebd745b39473bcadd1b8a42fb6e12110745ce8fe24f26003dc
SSDEEP

3072:wHIedu9fC8sk5Aymo9QTiZcnffoqsHrmGX7vfzNdK6o9:168skeviZcnffoTlX92

Score

8^/10

Malware Config

Targets

- Target
  
  b526d51bbe38d595f87a63d1d48efb51
- Size
  
  178KB
- MD5
  
  b526d51bbe38d595f87a63d1d48efb51
- SHA1
  
  de9e489e6c9c15b9ea7d939f9906ef85e8466cb0
- SHA256
  
  40e47a3ac1aedd13b13b02421cc6583d5544f88a3394d9d998fe9abebff29004
- SHA512
  
  e1329df6ccf89c079ecd2b77e07e7e9e8720b5d5e6c08fc067355d60f0107455baa903ef438b33ebd745b39473bcadd1b8a42fb6e12110745ce8fe24f26003dc
- SSDEEP
  
  3072:wHIedu9fC8sk5Aymo9QTiZcnffoqsHrmGX7vfzNdK6o9:168skeviZcnffoTlX92
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2