ad0d8c4b22e9ae3fcb83dfc0cd8113c9013e6945924bf6aeb0e9bb6d797b43cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4b4bf7d9089788bb7f19f7a8e527d4f
Size

3.4MB
Sample

240313-cl5xfahh5t
MD5

c4b4bf7d9089788bb7f19f7a8e527d4f
SHA1

182cf7e4e5d011523a891286fab19d747f098da0
SHA256

ad0d8c4b22e9ae3fcb83dfc0cd8113c9013e6945924bf6aeb0e9bb6d797b43cb
SHA512

90443c5cdd8b4951aa6ded40acd163c4ab8beee5ea23e9ac8e9d683aea7520e4c6e00bf52ea984fa5d3e686f1aa0b7d06df3bd6880bc5511bdcaa1515eafcc26
SSDEEP

98304:JYy2g2eODGhQekoXmduwGrJU58o9eHmkqh+y:GgQDk2Si58o9eTqh+

Score

8^/10

Malware Config

Targets

- Target
  
  c4b4bf7d9089788bb7f19f7a8e527d4f
- Size
  
  3.4MB
- MD5
  
  c4b4bf7d9089788bb7f19f7a8e527d4f
- SHA1
  
  182cf7e4e5d011523a891286fab19d747f098da0
- SHA256
  
  ad0d8c4b22e9ae3fcb83dfc0cd8113c9013e6945924bf6aeb0e9bb6d797b43cb
- SHA512
  
  90443c5cdd8b4951aa6ded40acd163c4ab8beee5ea23e9ac8e9d683aea7520e4c6e00bf52ea984fa5d3e686f1aa0b7d06df3bd6880bc5511bdcaa1515eafcc26
- SSDEEP
  
  98304:JYy2g2eODGhQekoXmduwGrJU58o9eHmkqh+y:GgQDk2Si58o9eTqh+
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2