a0b0b39b69005a2d39a8b8271a3518aa0a55148b794d2b4995b3c87ed183b23b | Triage

Sharing

General

Target

a0b0b39b69005a2d39a8b8271a3518aa0a55148b794d2b4995b3c87ed183b23b
Size

2.4MB
Sample

240425-qjyl8sba8w
MD5

6184676075afacb9103ae8cbf542c1ed
SHA1

bc757642ad2fcfd6d1da79c0754323cdc823a937
SHA256

a0b0b39b69005a2d39a8b8271a3518aa0a55148b794d2b4995b3c87ed183b23b
SHA512

861ac361b585a069f2274b577b30f2a13baf72a60acd4f22da41885aee92c3975445150822f1072590d7b574ff54eb3abde6a6c4f800988ab9ff4344884f41fa
SSDEEP

49152:zgwRFL9Hckjh40JEvPgb/KZabJq1Bk2oavWcEZEUrW9:zgwRJ98kj3JCPZznvW9EUK9

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  a0b0b39b69005a2d39a8b8271a3518aa0a55148b794d2b4995b3c87ed183b23b
- Size
  
  2.4MB
- MD5
  
  6184676075afacb9103ae8cbf542c1ed
- SHA1
  
  bc757642ad2fcfd6d1da79c0754323cdc823a937
- SHA256
  
  a0b0b39b69005a2d39a8b8271a3518aa0a55148b794d2b4995b3c87ed183b23b
- SHA512
  
  861ac361b585a069f2274b577b30f2a13baf72a60acd4f22da41885aee92c3975445150822f1072590d7b574ff54eb3abde6a6c4f800988ab9ff4344884f41fa
- SSDEEP
  
  49152:zgwRFL9Hckjh40JEvPgb/KZabJq1Bk2oavWcEZEUrW9:zgwRJ98kj3JCPZznvW9EUK9
Score

8^/10

evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2