06f1a42212e6a1581ddb3b55ac6d90abf2912b7edce084d21e5ba89d8dfa78ab | Triage

Sharing

General

Target

06f1a42212e6a1581ddb3b55ac6d90abf2912b7edce084d21e5ba89d8dfa78ab
Size

39KB
Sample

240805-w151jathll
MD5

f01b517aa6160ae02806d5c2e4b239f1
SHA1

ceca97df78c970544adca4acb62ba99f720673c3
SHA256

06f1a42212e6a1581ddb3b55ac6d90abf2912b7edce084d21e5ba89d8dfa78ab
SHA512

cc2f18c4ea14144e5173361fdbfe8fd60a50644946effa2bcf6883ab2b3596fc681406bcc4eb14df5a11b1a7478d1d1828939e98d80506abe04673a5d9a077c6
SSDEEP

384:u2T+/jvJ7+gFrJk04OMcYyOVJ9KRqnGTq/yX9k7uaaTiOmCdIniQ4dgDq:BOZ+gr36q1y/youIMdIniQTq

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  06f1a42212e6a1581ddb3b55ac6d90abf2912b7edce084d21e5ba89d8dfa78ab
- Size
  
  39KB
- MD5
  
  f01b517aa6160ae02806d5c2e4b239f1
- SHA1
  
  ceca97df78c970544adca4acb62ba99f720673c3
- SHA256
  
  06f1a42212e6a1581ddb3b55ac6d90abf2912b7edce084d21e5ba89d8dfa78ab
- SHA512
  
  cc2f18c4ea14144e5173361fdbfe8fd60a50644946effa2bcf6883ab2b3596fc681406bcc4eb14df5a11b1a7478d1d1828939e98d80506abe04673a5d9a077c6
- SSDEEP
  
  384:u2T+/jvJ7+gFrJk04OMcYyOVJ9KRqnGTq/yX9k7uaaTiOmCdIniQ4dgDq:BOZ+gr36q1y/youIMdIniQTq
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2