General

  • Target

    4e929fbca9788d73c9d54d4a987b16e86d749180fddf863465324e0992850f87

  • Size

    12KB

  • Sample

    240523-a7c3fafd3x

  • MD5

    296566c8998eb34aa5787eacc0c5ab6b

  • SHA1

    d76ca0e067d5bef0f28ecd03a025720e6636251c

  • SHA256

    4e929fbca9788d73c9d54d4a987b16e86d749180fddf863465324e0992850f87

  • SHA512

    039ab56caed74deb7e1cafa510f2b4cc05a86646bbaaab6cbfec482bf94afb6a16b87478a700f66c52f4ecccec715926d72b7901c56eb97c02c15ef0889e51c2

  • SSDEEP

    192:bL29RBzDzeobchBj8JONzONlruSrEPEjr7Ah0:H29jnbcvYJOQXuSvr7C0

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      4e929fbca9788d73c9d54d4a987b16e86d749180fddf863465324e0992850f87

    • Size

      12KB

    • MD5

      296566c8998eb34aa5787eacc0c5ab6b

    • SHA1

      d76ca0e067d5bef0f28ecd03a025720e6636251c

    • SHA256

      4e929fbca9788d73c9d54d4a987b16e86d749180fddf863465324e0992850f87

    • SHA512

      039ab56caed74deb7e1cafa510f2b4cc05a86646bbaaab6cbfec482bf94afb6a16b87478a700f66c52f4ecccec715926d72b7901c56eb97c02c15ef0889e51c2

    • SSDEEP

      192:bL29RBzDzeobchBj8JONzONlruSrEPEjr7Ah0:H29jnbcvYJOQXuSvr7C0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks