General

  • Target

    731956e6cdf6af2975fba11d6df8d11eeb22eab328e49d0a30ecf789bac2ff1a

  • Size

    12KB

  • Sample

    240522-zsb92age39

  • MD5

    5a75354b4cea88a97bbbc0dc8718010a

  • SHA1

    307b838743b09f3b561c5ff9490e1e67cd56f3e2

  • SHA256

    731956e6cdf6af2975fba11d6df8d11eeb22eab328e49d0a30ecf789bac2ff1a

  • SHA512

    c77ed68a2f088221b0f32e02473d8d8736a6c3421b791378b159702b032912ed5f0b3a16d69ea38d85bfdca8f4d6a8ffda23f1de3cbc08ba3255bbf186b2c9ea

  • SSDEEP

    192:BL29RBzDzeobchBj8JONfONZx2ru0rEPEjr7AhY:R29jnbcvYJOcDxiu0vr7CY

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
