General

  • Target: 19894857326.zip
  • Size: 883KB
  • Sample: 241112-n7kdea1mhs
  • MD5: 663c4956cb3f8651b2570dae1b3f96d2
  • SHA1: a3196d7a26bbb1ecb4a18d84b70614f049848461
  • SHA256: 204a2d602506653273194e5909b8c969fb5d9f447af7fd9385cfeb02aff542ac
  • SHA512: e8ea23e4caada70c66bb3056e0f26fc2864c53cbee5b6685c3060fc3bce82305d3c2a491139574c778294aa63368cb7110de95f9fda4bc1528e9bcf8cb117d25
  • SSDEEP: 24576:3YTLJC6qiuyvPW5vJ4ZfWmpZBqa2cB7vgUgvCITUxnzX66Msr:3YTLwwunuZXDBqaZSUgvQx/r

Malware Config

Targets

    • Target: 1c1d333fe2bdbda247dccc97fdd46513e39d95c8393019360e1c1597f263fa69
    • Size: 1.9MB
    • MD5: 2e2febe11417e673b886abe428111b89
    • SHA1: 4d11a766e023f22058971deebf93cead7bb0ae7a
    • SHA256: 1c1d333fe2bdbda247dccc97fdd46513e39d95c8393019360e1c1597f263fa69
    • SHA512: cb7fcc2fa38d80acf9c8539efe1beaa401d0ef6a43acd0fcc95e3287fc7b25874d2219c4a4066703e3da6ba23d1b98eba87c4b0bc23ce8a02c84eec97585da36
    • SSDEEP: 49152:xp21z0A+biU50unDN5GQKNkyRmopy4duG/8Wea/xwu:cK3KNkomky

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks