fe57ff967994d3b5ee65e6dae425aa607df08bacb90cb2cd174ee7ba64e789d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe57ff967994d3b5ee65e6dae425aa607df08bacb90cb2cd174ee7ba64e789d2
Size

94KB
Sample

240913-eg1g9sshkn
MD5

6e01386c150d0cf8fd52cf53320712d5
SHA1

a9ff3bdae3faacc00f96634e95559dd6aa704bc8
SHA256

fe57ff967994d3b5ee65e6dae425aa607df08bacb90cb2cd174ee7ba64e789d2
SHA512

3d1a71046f4e1552c6e8e4e02692015b756e284da79bffd45c141475aa8cdb0a2b6c7e5585f505b6c32dd141b497a2fa2cb5fec5e76a4d85840e96406089f2d4
SSDEEP

1536:BYUb5NE3yZIp+6HO5J4ggpMFSvIKEu0dX4j2dApyZ:BYUb5QoJ4g+FXtyZ

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  fe57ff967994d3b5ee65e6dae425aa607df08bacb90cb2cd174ee7ba64e789d2
- Size
  
  94KB
- MD5
  
  6e01386c150d0cf8fd52cf53320712d5
- SHA1
  
  a9ff3bdae3faacc00f96634e95559dd6aa704bc8
- SHA256
  
  fe57ff967994d3b5ee65e6dae425aa607df08bacb90cb2cd174ee7ba64e789d2
- SHA512
  
  3d1a71046f4e1552c6e8e4e02692015b756e284da79bffd45c141475aa8cdb0a2b6c7e5585f505b6c32dd141b497a2fa2cb5fec5e76a4d85840e96406089f2d4
- SSDEEP
  
  1536:BYUb5NE3yZIp+6HO5J4ggpMFSvIKEu0dX4j2dApyZ:BYUb5QoJ4g+FXtyZ
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery