31ade25a56872d3a3ad17a572731e58d26b99e63b98127cd1146cd18dc613a26 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

netcalcnetcalc.com.zip
Size

18KB
Sample

240606-w29p4sba39
MD5

f711ed6fb326217f60fe23f331e99fd3
SHA1

726312bfcfc661094429b2ed2cc27834db4da81f
SHA256

31ade25a56872d3a3ad17a572731e58d26b99e63b98127cd1146cd18dc613a26
SHA512

c496126efea67bb7dcca2988e41cd906475170e2ddefbd7ead48d2db3bba8a5e5d8082fdd53f895c76f0a6391850ba4061d34d7ff5cf81f816f1756a946fbcc2
SSDEEP

384:zDHO4qu0louBY9kj81rx+hhK2LkqeZR+clAabeZUJSOyH+:zDHyov48VxY1On+mAabH4NH+

Score

8^/10

Malware Config

Targets

- Target
  
  netcalcnetcalc.com.LnK
- Size
  
  18KB
- MD5
  
  02d733599c4c132df02a309ccbe2fcc0
- SHA1
  
  00d5582858de8c0d7ec1c9299a20e8025e100b7f
- SHA256
  
  a9d813cc06f0cad17bce19c9e71c26035378646a716adb73b36e0e5f64d2680a
- SHA512
  
  23831aa6b5d3923ba162f0a3e110eba203aaa34e94edda4d67b5bf59087733e46b0c0307d0638fa7910fa5000a6558ab6ab2c34c93145e9ffe39439f905a5b3f
- SSDEEP
  
  384:ykb0TGX8ofixvq5FeqP1EqrJm3aVQIdjDhngvYDGZmcLwUXWxtyTYybzyN1e:Nb+GMofixIFeKKh3hIdvhe7wUXWxsNzJ
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2