2a3b3b7c706b3268f7542faedf2c28b840cf6d14ec6f4e4ae9c48f5355931deb | Triage

Resubmissions

03/07/2024, 13:43

240703-q1kfyazbqc 3

03/07/2024, 13:39

240703-qx5mpsyhnd 7

03/07/2024, 13:25

240703-qn258ayame 3

Sharing

General

Target

lk42pl.zip
Size

60.7MB
Sample

240703-qx5mpsyhnd
MD5

6940103cd6a646dcca26e766359c6c02
SHA1

ad17fc30ab9dff65008694bda39ec7ea552c81db
SHA256

2a3b3b7c706b3268f7542faedf2c28b840cf6d14ec6f4e4ae9c48f5355931deb
SHA512

b70d3bff9898bd6fd13af89d4764e982ff63fdf17c0aff8c167edc9bc54320fa97b7f7fea93260eb1371d2074df02462b154b7d875345f5afb30717c831e2280
SSDEEP

1572864:QSAoezszs40GlbHT52AA6+f7Nsi/VpTL95yfGrW:Q5oezsAedT5zOSi/VpT38

Score

7^/10

Malware Config

Targets

- Target
  
  lk42pl.zip
- Size
  
  60.7MB
- MD5
  
  6940103cd6a646dcca26e766359c6c02
- SHA1
  
  ad17fc30ab9dff65008694bda39ec7ea552c81db
- SHA256
  
  2a3b3b7c706b3268f7542faedf2c28b840cf6d14ec6f4e4ae9c48f5355931deb
- SHA512
  
  b70d3bff9898bd6fd13af89d4764e982ff63fdf17c0aff8c167edc9bc54320fa97b7f7fea93260eb1371d2074df02462b154b7d875345f5afb30717c831e2280
- SSDEEP
  
  1572864:QSAoezszs40GlbHT52AA6+f7Nsi/VpTL95yfGrW:Q5oezsAedT5zOSi/VpT38
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1