f35483e272ebce0638c0f3f154346b92ab41835427fb15438d6d8a53995ca686 | Triage

Resubmissions

07-08-2024 03:41

240807-d8sfaszern 9

07-08-2024 03:36

240807-d6bprstcja 6

Sharing

General

Target

$RPCH8TL.exe
Size

1.8MB
Sample

240807-d6bprstcja
MD5

5dd71ded97872447cfe7da9f0835284e
SHA1

eac2ff88ab9c5b281da870c9e1ce7832cde98332
SHA256

f35483e272ebce0638c0f3f154346b92ab41835427fb15438d6d8a53995ca686
SHA512

bd8445ad3a615793703db7a01d8620d94a7cc5cf509f4f1ae7963645928c597c5d94e57a2594e1495b2f1f356bff81ea5ce72ec3dd2fc671d4b61ea5a61dec20
SSDEEP

12288:o1f/akEkL8c9gJ0M/Ak7NXD4rKeXe9G4rKeXe9E4rKeXe9R4rKeXe9BnKW:uf/akE48c9ex/zXNnKW

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  $RPCH8TL.exe
- Size
  
  1.8MB
- MD5
  
  5dd71ded97872447cfe7da9f0835284e
- SHA1
  
  eac2ff88ab9c5b281da870c9e1ce7832cde98332
- SHA256
  
  f35483e272ebce0638c0f3f154346b92ab41835427fb15438d6d8a53995ca686
- SHA512
  
  bd8445ad3a615793703db7a01d8620d94a7cc5cf509f4f1ae7963645928c597c5d94e57a2594e1495b2f1f356bff81ea5ce72ec3dd2fc671d4b61ea5a61dec20
- SSDEEP
  
  12288:o1f/akEkL8c9gJ0M/Ak7NXD4rKeXe9G4rKeXe9E4rKeXe9R4rKeXe9BnKW:uf/akE48c9ex/zXNnKW
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2