3f074fb6a883663f2937fd9435fc90f8d31ceabe496627d40b3813dbcc472ed0 | Triage

Sharing

General

Target

3f074fb6a883663f2937fd9435fc90f8d31ceabe496627d40b3813dbcc472ed0.exe
Size

102KB
Sample

240817-blakvsycqf
MD5

771b8e84ba4f0215298d9dadfe5a10bf
SHA1

0f5e4c440cd2e7b7d97723424ba9c56339036151
SHA256

3f074fb6a883663f2937fd9435fc90f8d31ceabe496627d40b3813dbcc472ed0
SHA512

2814ef23653c9be5f5e7245af291cf330c355ed12b4db76f71b4de699c67a9ffd1bdc0cc1df5352335b57ab920404b9c8e81cd9257527264bde4f72a53700164
SSDEEP

3072:pbqQQQQQQQQkQQQQQQQQQQQQQQ+QQQjQQQQQQQQQQQQQQxQQQQQQQQQjQQQQQQQ3:5qQQQQQQQQkQQQQQQQQQQQQQQ+QQQjQ+

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  3f074fb6a883663f2937fd9435fc90f8d31ceabe496627d40b3813dbcc472ed0.exe
- Size
  
  102KB
- MD5
  
  771b8e84ba4f0215298d9dadfe5a10bf
- SHA1
  
  0f5e4c440cd2e7b7d97723424ba9c56339036151
- SHA256
  
  3f074fb6a883663f2937fd9435fc90f8d31ceabe496627d40b3813dbcc472ed0
- SHA512
  
  2814ef23653c9be5f5e7245af291cf330c355ed12b4db76f71b4de699c67a9ffd1bdc0cc1df5352335b57ab920404b9c8e81cd9257527264bde4f72a53700164
- SSDEEP
  
  3072:pbqQQQQQQQQkQQQQQQQQQQQQQQ+QQQjQQQQQQQQQQQQQQxQQQQQQQQQjQQQQQQQ3:5qQQQQQQQQkQQQQQQQQQQQQQQ+QQQjQ+
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2