9a17977c01a6d0ce92033f97f187b1347edef59f6217006368e6a7234e49a565 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8d660631ecb682a0d5ed0b035b24eb4
Size

3.4MB
Sample

240314-rrnmnsed6z
MD5

c8d660631ecb682a0d5ed0b035b24eb4
SHA1

0fff35edd81551ba89f075d0ba9795b02bac6163
SHA256

9a17977c01a6d0ce92033f97f187b1347edef59f6217006368e6a7234e49a565
SHA512

fa15f5cf25e36b00b6ff6cf0420f64b09a1ca373ed35fce6c9ce5c214a4eac8c18bda8fe34aa6be2419bc25054eed143a81e010ba5f956a5cf18d7e4ebc38d22
SSDEEP

98304:wNCqzknetu3O0cAIHziTmksJSKmcz8noORQVbcLFT:wNCqzkne43OlbzCsJXjz81QVbq

Score

8^/10

Malware Config

Targets

- Target
  
  c8d660631ecb682a0d5ed0b035b24eb4
- Size
  
  3.4MB
- MD5
  
  c8d660631ecb682a0d5ed0b035b24eb4
- SHA1
  
  0fff35edd81551ba89f075d0ba9795b02bac6163
- SHA256
  
  9a17977c01a6d0ce92033f97f187b1347edef59f6217006368e6a7234e49a565
- SHA512
  
  fa15f5cf25e36b00b6ff6cf0420f64b09a1ca373ed35fce6c9ce5c214a4eac8c18bda8fe34aa6be2419bc25054eed143a81e010ba5f956a5cf18d7e4ebc38d22
- SSDEEP
  
  98304:wNCqzknetu3O0cAIHziTmksJSKmcz8noORQVbcLFT:wNCqzkne43OlbzCsJXjz81QVbq
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2