e4440c2e83349881f4eb518061cf8d670fc7b21fc44f5ab2739aa544215ef656 | Triage

Sharing

General

Target

e4440c2e83349881f4eb518061cf8d670fc7b21fc44f5ab2739aa544215ef656.exe
Size

515KB
Sample

240428-clfmjsec5t
MD5

12ce0fcbac7ec93f74fa2cdebe7823c2
SHA1

3e6e1492189ec5f0c2759c6c32b54b41a0ffcfbe
SHA256

e4440c2e83349881f4eb518061cf8d670fc7b21fc44f5ab2739aa544215ef656
SHA512

04d50d43e2c2d7b1d47c5b31a64d88cdea0838a3c9f977e14195d2991b358b94796dd51228fd0e3be52e6346e5f53ca5ba198bbecbb56b5ce9d2423cb69482ff
SSDEEP

12288:L8T0rl0xZpu38AmaNmOI6d8gYlZHRQE43:L+IWfo3zNX8gYnHRQE43

Score

7^/10

Malware Config

Targets

- Target
  
  e4440c2e83349881f4eb518061cf8d670fc7b21fc44f5ab2739aa544215ef656.exe
- Size
  
  515KB
- MD5
  
  12ce0fcbac7ec93f74fa2cdebe7823c2
- SHA1
  
  3e6e1492189ec5f0c2759c6c32b54b41a0ffcfbe
- SHA256
  
  e4440c2e83349881f4eb518061cf8d670fc7b21fc44f5ab2739aa544215ef656
- SHA512
  
  04d50d43e2c2d7b1d47c5b31a64d88cdea0838a3c9f977e14195d2991b358b94796dd51228fd0e3be52e6346e5f53ca5ba198bbecbb56b5ce9d2423cb69482ff
- SSDEEP
  
  12288:L8T0rl0xZpu38AmaNmOI6d8gYlZHRQE43:L+IWfo3zNX8gYnHRQE43
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2