49127fcef058750578d87b6a4a25c8da77185cdd8796bc589dc5cf31f884c171 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09f4f3a9a0b5a8c7ab42bf1a41ae623c.exe
Size

4.6MB
Sample

240524-rt5zqshb9s
MD5

09f4f3a9a0b5a8c7ab42bf1a41ae623c
SHA1

9539731deda693a7a1ac1eaa05a9dc9634b8cccf
SHA256

49127fcef058750578d87b6a4a25c8da77185cdd8796bc589dc5cf31f884c171
SHA512

1e210da69c9b1ecbe2430797d5edc5a90a26ead5f83db33374fcb0c527d422f034528f7801dc94a5258f8c9d3b3ab59ae9dfb0a219cd616132284f4ce11433ac
SSDEEP

98304:9nERg/N+WJxMA8ILCFGI1uE4ZVPJEdjMd:gg/N+W9vOGp/PJEVMd

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  09f4f3a9a0b5a8c7ab42bf1a41ae623c.exe
- Size
  
  4.6MB
- MD5
  
  09f4f3a9a0b5a8c7ab42bf1a41ae623c
- SHA1
  
  9539731deda693a7a1ac1eaa05a9dc9634b8cccf
- SHA256
  
  49127fcef058750578d87b6a4a25c8da77185cdd8796bc589dc5cf31f884c171
- SHA512
  
  1e210da69c9b1ecbe2430797d5edc5a90a26ead5f83db33374fcb0c527d422f034528f7801dc94a5258f8c9d3b3ab59ae9dfb0a219cd616132284f4ce11433ac
- SSDEEP
  
  98304:9nERg/N+WJxMA8ILCFGI1uE4ZVPJEdjMd:gg/N+W9vOGp/PJEVMd
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2