4fc75f8810fa76a9db62ca238f67959a16e87bdff0398b0ae2823f35f4afa9d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d0913fce5eb524ddfd13585d1d8df80N.exe
Size

94KB
Sample

240915-fbgcwawfkr
MD5

5d0913fce5eb524ddfd13585d1d8df80
SHA1

3d72e9e67457019b7fabb7a6884958370762a859
SHA256

4fc75f8810fa76a9db62ca238f67959a16e87bdff0398b0ae2823f35f4afa9d9
SHA512

01ed6def7edaf4d153eeff912017e017f8b2a48c1f92a816655f3faf75f19f4410af63528dbcabe97e86d178299082c7c74542d0a5c2e7cbe503783ca64b004f
SSDEEP

1536:BYUb5NE3yZIp+6HO5J4ggpMFSvIKEu0dX4j2dAcVt:BYUb5QoJ4g+FXQ

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  5d0913fce5eb524ddfd13585d1d8df80N.exe
- Size
  
  94KB
- MD5
  
  5d0913fce5eb524ddfd13585d1d8df80
- SHA1
  
  3d72e9e67457019b7fabb7a6884958370762a859
- SHA256
  
  4fc75f8810fa76a9db62ca238f67959a16e87bdff0398b0ae2823f35f4afa9d9
- SHA512
  
  01ed6def7edaf4d153eeff912017e017f8b2a48c1f92a816655f3faf75f19f4410af63528dbcabe97e86d178299082c7c74542d0a5c2e7cbe503783ca64b004f
- SSDEEP
  
  1536:BYUb5NE3yZIp+6HO5J4ggpMFSvIKEu0dX4j2dAcVt:BYUb5QoJ4g+FXQ
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery