General

  • Target

    23a39fc01343eb1b5a1ec43f92409497d73d52c8a369706a6148f9f2d7e22e86

  • Size

    12KB

  • Sample

    240522-3fhstsdb3y

  • MD5

    84ab132cf78808f377b89a0a547e4c75

  • SHA1

    d28ec3424531c30489c0eccf505c26c0fdac06d7

  • SHA256

    23a39fc01343eb1b5a1ec43f92409497d73d52c8a369706a6148f9f2d7e22e86

  • SHA512

    011d061413d9db29dbd67a53b0bc031b9b43fad6051cf0a128994450f61915304fed32f151efa76527c03733bbc3a42e5dff37ba3ec8f56429a5ab9902c3f057

  • SSDEEP

    192:FL29RBzDzeobchBj8JON/ON1druErEPEjr7AhI:929jnbcvYJOAxuEvr7CI

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      23a39fc01343eb1b5a1ec43f92409497d73d52c8a369706a6148f9f2d7e22e86

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
